I am having trouble getting this to work correctly I am trying to clean up my php files and make a function that changes the users password. It works fine if I keep the copied code from the function file under function setPass in the Login_success.php file. When I copy the working code into the functions.php file with a function name setPass it does not work I am not getting an error message either. I realize that not using PDO prepared statements is unsafe but I will change it once I get this working. Here is my code for the login_success file and the functions file:
Functions.php
<?php
require 'DB.php';
function setPass(){
foreach($conn->query("SELECT password FROM CLL_users WHERE user_name= '$userCurrent'") as $password1) {
$old_pass = ($password1['password']);
}
$new_pass = md5($_POST['new_pass']);
if (md5($_POST['old_password']) == ($old_pass) && ($_POST['new_pass']) == ($_POST['verify_pass'])) {
$sql="UPDATE CLL_users SET password= '$new_pass' WHERE user_name= '$userCurrent'";
$result=mysql_query($sql);
echo "Match";
} else {
echo "Not a Match";
}
}
?>
login_success.php
<?php
require 'functions.php';
require 'DB.php';
session_start();
session_is_registered(myusername);
$userCurrent = $_SESSION['myusername'];
$host="localhost"; // Host name
$username="user"; // Mysql username
$password="XXXXXX"; // Mysql password
$db_name="db"; // Database name
$tbl_name="CLL_users"; // Table name
date_default_timezone_set('America/Chicago');
$dateCreated = date('m/d/Y h:i:s a', time());
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql="UPDATE CLL_users SET last_login= '$dateCreated' WHERE user_name= '$userCurrent'";
$result=mysql_query($sql);
if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>
<!DOCTYPE html>
<html>
<head>
<title>user</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<LINK href="CLL.css" rel="stylesheet" type="text/css">
</head>
<body>
<form id ="css" action="" method="post">
<div class="row">
<label class ="formLabel" for="old_password">Old password:</label>
<input type="password" name="old_password" id="old_password" />
<br> <label class ="formLabel" for="new_pass">New Password:</label>
<input type="password" name="new_pass" id="new_pass" />
<br> <label class ="formLabel" for="verify_pass">Verify new password:</label>
<input type="password" name="verify_pass" id="verify_pass" />
</div>
<input type="submit" />
</form>
<?php
$_POST['old_password'] = $old_pass;
$_POST['new_pass'] = $new_pass;
$_POST['verify_pass'] = $verify_pass;
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
setPass($userCurrent, $old_pass, $new_pass, $verify_pass);
}
?>
</body>
</html>
I think the problem lays in the sequence of the code. You should try passing $userCurrent as a parameter, try and use this function: (I also fixed a few syntax errors)
btw,
what the BBQ where you thinking here, lol: