<?
// Inialize session
session_start();
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username']))
{
header('Location: AdminLogin.php');
}
?>
<html lang="en-GB" xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" href="AdminLogin.css" type="text/css" />
<title>Welcome to ASM Services Inc.</title>
<script type="text/javascript" language=JavaScript>
var message="";
function clickIE()
{
if (document.all)
{(message);return false;}}
function clickNS(e) {if
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
document.oncontextmenu=new Function("return false")
</script>
</head>
<body>
<div class="login">
<?php
require("adminconfig.inc");
$user = $_SESSION['username'];
echo "<form name=form1 method=post>
<table width=100 border=0 align=center>
<tr>
<font size=5 face=Arial color=yellow>Change Password</font>
</tr>
<table>
<tr>
<td><font size=4 face=Tahoma color=yellow>Username:</font></td>
<td><input type=text name='username1' value='$user' size=20 AUTOCOMPLETE = off ></td>
</tr>
<tr>
<td><font size=4 face=Tahoma color=yellow>Password:</font></td>
<td><input type=password name=password size=20 AUTOCOMPLETE = off></td>
</tr>
<tr>
<td><font size=4 face=Tahoma color=yellow>New Password</font></td>
<td><input type=password name=new_pass size=20 AUTOCOMPLETE = off></td>
</tr>
<tr>
<td><font size=4 face=Tahoma color=yellow>Confirm Password:</font>:</td>
<td><input type=password name=con_pass size=20 AUTOCOMPLETE = off></td>
</tr>
</table>
<table>
<tr>
<input type=submit value=Ok name='btnCheck'>
<input type=submit value=Cancel name=btnCancel onClick='this.form.reset()'>
</tr>
</table>
</table>
</form>";
?>
<?php
require("adminconfig.inc");
$user = $_POST['username1'];
$pass = $_POST['password'];
$new_pass = trim($_POST['new_pass']);
$con_pass = trim($_POST['con_pass']);
if(isset($_POST['btnCheck']))
{
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT Log_User, Log_Pass, User_Type FROM LOG_IN WHERE
(Log_User = '" . mysql_real_escape_string($_POST['username1']) . "')
and
(Log_Pass = '" . mysql_real_escape_string($_POST['password']) . "')
and
(User_Type = 'member')")
or die('Query failed: ' . mysql_error() . "<br />\n$sql"); ;
//Check username and password match
if (mysql_num_rows($login) == 1)
{
if(trim('$new_pass') == trim('$con_pass'))
{
$sql=mysql_query("UPDATE log_in SET Log_Pass='$new_pass' where username='$user'");
if(!$sql)
{
echo "fail updating!";
}
else
{
echo "success!";
echo "<script type = text/javascript>";
echo "alert('The new password has been changed successfully.');";
echo "</script>";
}
}
else
{
echo "fail!";
echo "<script type = text/javascript>";
echo "alert('Error. New Password and Confirm Password are not the same. Please make it sure that they are the same.');";
echo "</script>";
}
}
}
?>
</div>
<div class="copyright">
© Copyright 2011 <strong>ASM Services Inc.</strong>
</div>
</body>
</html>
This is my whole code for changing the password of the user. I really don’t what’s the exact error of my code. Whenever I change the password, it always brings to the “Error. New Password and Confirm Password are not the same”.
Your current code has:
You are comparing the strings
'$new_pass'&'$con_pass'and not the variables$new_pass&$con_pass. Also don’t use should not usetrimas the user might have space in his passwords.Change
to
Also you read the passwords from the form as:
You should not be using
trimhere as well. If the user wants to have space at the end/beginning of his password, your logic will fail as the user thinks his password has the space but the password you enter in the DB will not have space.