I’m quite new to PHP/jQuery and I am trying to do an update password script for my web site. So far the passwords update, but I’m struggling to think of how I would validate this to check against the old password.
Also, how would it be possible to display the error messages in an alert box (like java alert window)? The reason I ask is because I would need to create an alert box if the old password doesn’t match the password that exists in the database.
Any help on this would be much appreciated. If you need any additional code I will post this ASAP.
    // *Update Profile Password* //
    $("#btn-profile-update2").bind('click', function(){
        // Get info from text boxes
        /* var profile_oldpassword = $('#txt-prof-oldp').val(); */
        var profile_newpassword = $('#txt-prof-newp').val();
        var profile_confirmpassword = $('#txt-prof-confp').val();
        var new_password = $('#txt-prof-newp').val();
        var old_password = $('#txt-prof-oldp').val();
        // Stop here if the new password and its confirmation differ
        if (profile_newpassword !== profile_confirmpassword) {
            var response = "Passwords entered do not match";
            alert(response);
            return;
        }
        // An array of field names to be updated
        var arr_field_names = Array();
        // Add the field name to index of array
        arr_field_names[0] = "Password";
        // An array of field values that correspond with our field names...
        var arr_field_values = Array();
        arr_field_values[0] = profile_newpassword;
        // Send to updatePassword function
        updatePassword(arr_field_names,arr_field_values,new_password,old_password);
    });
    }); // closes an enclosing block that the post does not show
Which sends to this function:
    function updatePassword(arr_field_names,arr_field_values,new_password,old_password) {
        // Ajax parameters...
        $.ajax({
            // Request sent from control panel, so send to cp.request.php (which is the handler)
            url: 'scripts/php/bootstrp/cp.request.php',
            // GET puts oldpassword/newpassword in the query string; the PHP handler reads them from $_GET
            type: 'GET',
            data: {
                ft: "password",
                table: "tblusers",
                oldpassword: old_password,
                newpassword: new_password,
                field_names: arr_field_names,
                field_values: arr_field_values,
                // Either pass a row id as the 'id' OR a where clause as the 'condition' never both
                id: null,
                condition: null
            },
            dataType: 'text',
            timeout: 20000,
            error: function(){
                $('#cp-div-error').html('');
                $('#cp-div-error').append('<p>There was an error updating the data, please try again later.</p>');
                $('#cp-div-error').dialog('open');
            },
            success: function(response){
                // Refresh page
                // location.reload(true);
            }
        });
    }
and finally the PHP update:
    public function password($tableName)
    {
        $PDO = new SQL();
        $dbh = $PDO->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);
        $username = UserAccount::get_useremail();
        $password = hash('sha256', trim($_GET['newpassword']));
        $oldpassword = hash('sha256', trim($_GET['oldpassword']));
        // Does the password given match the password held?
        // ($oldpassword is computed above but not yet compared with the stored value)
        // Values are bound as parameters; a table name cannot be bound, so $tableName must come from trusted code
        $this->sql = "UPDATE $tableName SET password = :password WHERE UserName = :username";
        try {
            // Query
            $stmt = $dbh->prepare($this->sql);
            $stmt->execute(array(':password' => $password, ':username' => $username));
            $count = $stmt->rowCount();
            echo $count.' row(s) updated by SQL: '.$stmt->queryString;
            $stmt->closeCursor();
        }
        catch (PDOException $pe) {
            // $stmt may not exist if prepare() failed, so report the SQL text directly
            echo 'Error: ' .$pe->getMessage(). ' SQL: '.$this->sql;
            die();
        }
        // Close connection
        $dbh = null;
    }
You almost got it. The key is here:
Just play with the response, maybe something like this:
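
Added example, not part of the thread or of the answer above: one way to do the old-password check on the server before the UPDATE, using bound parameters and the column names from the post's query. It goes beyond the post by storing the new password with password_hash() in place of unsalted SHA-256 while still accepting rows that hold a legacy SHA-256 digest; changePassword(), the in-memory SQLite table and the sample account are assumptions so that it runs stand-alone.

```php
<?php
// Added example: changePassword() and the SQLite table are assumptions, not the poster's code.

function changePassword(PDO $dbh, string $username, string $old, string $new): array
{
    // Fetch the stored hash with a bound parameter, never string interpolation.
    $stmt = $dbh->prepare('SELECT password FROM tblusers WHERE UserName = :u');
    $stmt->execute([':u' => $username]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return ['ok' => false, 'message' => 'Password could not be updated'];
    }

    // Legacy rows hold the post's SHA-256 hex digest; newer rows hold password_hash() output.
    $isLegacy = password_get_info($stored)['algoName'] === 'unknown';
    $matches = $isLegacy
        ? hash_equals($stored, hash('sha256', $old))   // constant-time comparison
        : password_verify($old, $stored);
    if (!$matches) {
        return ['ok' => false, 'message' => 'Old password is incorrect'];
    }

    // Store the new password salted and slow-hashed; this also upgrades legacy rows.
    $upd = $dbh->prepare('UPDATE tblusers SET password = :p WHERE UserName = :u');
    $upd->execute([':p' => password_hash($new, PASSWORD_DEFAULT), ':u' => $username]);
    return ['ok' => true, 'message' => 'Password updated'];
}

// Constructed sample data: one user whose row still holds a SHA-256 digest.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE tblusers (UserName TEXT PRIMARY KEY, password TEXT)');
$dbh->prepare('INSERT INTO tblusers VALUES (?, ?)')
    ->execute(['user@example.test', hash('sha256', 'old-secret')]);

// A handler would echo exactly one JSON object for the jQuery success callback to read.
// Calls: wrong old password, correct old password, then the now-stale old password again.
echo json_encode(changePassword($dbh, 'user@example.test', 'wrong-guess', 'new-secret')), PHP_EOL;
echo json_encode(changePassword($dbh, 'user@example.test', 'old-secret', 'new-secret')), PHP_EOL;
echo json_encode(changePassword($dbh, 'user@example.test', 'old-secret', 'newer-secret')), PHP_EOL;
```

On the client, setting dataType: 'json' lets the success callback call alert(response.message) whenever response.ok is false. The handler should take both passwords from a POST body so they stay out of URLs and access logs.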