Home/ Questions/Q 9226015
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T04:43:31+00:00

im writing this php script to update user passwords, requiring old pasword, new and

  • 0

im writing this php script to update user passwords, requiring old pasword, new and new confirmation. It all works it seems up to the actual UPDATE mysql statement. Not sure what I’ve done wrong, al help appreciated!

Also, I am aware its not secure and such, I am just trying ot make it work first im a php newbie!

I’m tearing my hair out, when I run this, everything seems to work except it breaks just before if (empty($error)){ , i have tested the echo for session email and it displays that, however it does not update the database with the new password. Please help! below is my code:

<?php
session_start();

include('database_connection.php');

$error = array();

if (empty($_POST['oldpassword'])){
$error[] ='You did not enter your current password!';
} else {
    $oldpassword = $_POST['oldpassword'];
}



if (empty($_POST['newpassword'])){

    $error[] = 'You did not enter a new password!';
} else {
    if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["newpassword"])){
        $newpassword = $_POST['newpassword'];
    } else{
        $error[] = 'Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit!';
    }
}

if (empty($_POST['newpasswordcon'])){
    $error[] = 'You did not enter your new password confirmation!';
} else {
    if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $_POST["newpasswordcon"])){
        $newpasswordcon = $_POST['newpasswordcon'];
    } else{
        $error[] = 'Password must be at least 8 characters and must contain at least one lower case letter, one upper case letter and one digit!';
    }
}


if($_POST['newpassword'] != $_POST['newpasswordcon']){
$error[] ='New password and confirmation do not match!' ;
}


$sql = "SELECT password FROM users WHERE email='" . $_SESSION['email'] . "'";
$result = mysql_query($sql);


if( $r = mysql_fetch_array($result) ) {
extract($r);



if($_POST['oldpassword'] != $password);{
$error[] ='Incorrect current password!';

}

//breaks here
echo $_SESSION['email'];

if (empty($error)){

echo $_SESSION['email'];
mysql_query("UPDATE users SET password='$newpassword' WHERE email='" . $_SESSION['email'] . "'");


echo '<p class ="alert alert-success fade in">Success! Your password has been updated!</p>';

}
} else{

    foreach ($error as $key => $values) {

            echo '<p class ="alert alert-error fade in">'.$values.'</p>';


}
}
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    There is a semicolon which should not be there.

    if ($_POST['oldpassword'] != $password);{ // <- remove this semicolon after )
   $error[] ='Incorrect current password!';
}
    • 0