Home/ Questions/Q 8020135
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-04T21:36:07+00:00

I have a page title changepassword.php … In this page, users are able to

  • 0

I have a page title changepassword.php … In this page, users are able to change their password for an account. The query goes through and gives the message that it sent, however, the database does not change. The password stays the same as it used to be. I am using a sha1 hash that I am not used to (first time using it). Anyone know what is happening with it? Thanks!

    <?php

    session_start ();

    $user_name = $_SESSION['user_name'];

    if($user_name)
    {
    //user is logged in

    if(isset($_POST['submit']))
    {
    //check fields

    $oldpassword = $_POST['oldpassword'];
    $newpassword = $_POST['newpassword'];
    $repeatnewpassword = $_POST['repeatnewpassword'];

    //check password against db

    $connect=mysql_connect("localhost","root","passssssssword") or die();
    mysql_select_db("database") or die();

    $queryget= mysql_query ("SELECT user_pass FROM users WHERE user_name='$user_name'")         or die("Query didn't work.");
    $row = mysql_fetch_assoc ($queryget);

    $oldpassworddb = $row['user_pass'];

    //check passwords

if (sha1($oldpassword)==$oldpassworddb)
{
    if ($newpassword==$repeatnewpassword)
    {
        if (strlen ($newpassword)>25 || strlen ($newpassword)<6)
        {
        echo "Password must be between 6 and 25 characters";
        }
        else
        {
        //change password in db 

        $newpassword = sha1($newpassword);

        $querychange = mysql_query("UPDATE users SET         password='$newpassword' WHERE user_name='$user_name'");
        session_destroy();
        die ("Your password has been changed. <a         href='index.php'>Return</a> to the main page and login with your new password.");
        }

    }
    else
        die ("New passwords do not match!");

}
else
    die ("Old password is inncorrect!");

    }

    else
    {
    echo
    "<form action = 'changepassword.php' method = 'POST'>
    <table>
    <tr>
        <td>
    Old password: 
        </td>
        <td>
    <input type='text' name='oldpassword'><p>
        </td>
    </tr>
    <tr>
        <td>
    New password: 
        </td>
        <td>
    <input type='password' name='newpassword'>
        </td>
    </tr>
    <tr>
        <td>
    Repeat new password: 
        </td>
        <td>
    <input type='password' name='repeatnewpassword'>
        </td>
    </tr>
    <table>
    <input type='submit' name='submit' value='Change password'>
    </form>
    ";
    }


    }
    else
die("You must be logged in to change your password!");
    ?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Query_1:

    SELECT user_pass FROM users WHERE user_name='$user_name'

    Your Query_2:

    UPDATE users SET **password**='$newpassword' WHERE user_name='$user_name'

    But, Query_2 should be:

    UPDATE users SET **user_pass**='$newpassword' WHERE user_name='$user_name'
    • 0