SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2002
    Location
    Chester UK
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Unhappy Managing Users with PHP Again

    lo people,

    I am still messing about with the tutorial: Managing Users, I am trying to add a Change password form, now I do not really know where to start.

    I have created a new file: changepw.php

    This is the first bit of code I have inserted after the required HTML stuff:

    <form method=post action="<?=$PHP_SELF?>">Please type your new password: <?=$username?>
    <table border=0 cellpadding=0 cellspacing=5>
    <td>
    <input name=newpw type=text maxlength=100 size=25>
    <font color=orangered size=+1><TT><B>*</B></TT></font>
    </td>

    <td align=right colspan=2>
    <hr noshade color=black>
    <input type=reset value="Reset Form">
    <input type=submit name="submitok" value=" OK ">
    </td>


    To create a text box called newpw which will be passed to php later on (is that right or am I way off track yet.

    Now I need to connect to the database is this sufficient:

    dbConnect('mydatabase');

    Now do I need check for an empty textbox, like this:

    if ($newpw=="") {
    error("The New Password Field Was Left Blank\\n".
    "Please fill it in and try again.");


    Right I leave it there for now, (I know there is more to do, just taking it a few steps at a time at the moment, helps me understand) I hope this makes sense, am I going in the right direction? am I way of the track, Do I need to add more to the above.

    Any help greatly appreciated.

    Sorry If the above is a load of tosh, But I am willing to learn

    Cheers

  2. #2
    SitePoint Enthusiast
    Join Date
    Jan 2002
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You might want to ask for the old password too in case someone gets access to the site while someone else is still logged in.

    <input type=password name=oldpwd>
    <input type=password name=newpwd>

    Then add the top of the page, you add

    if (isset($submitok))
    {
    // change the password!
    dbConnect('mydatabase');
    $result = mysql_query("SELECT COUNT(id) FROM table WHERE password = \".md5($oldpwd).\"");
    // if you do not store the passwords md5'ed in the database, you might want to change "md5" into "addslashes"
    if (mysql_num_rows($result) == 0)
    {
    // no rows returned... Old password was incorrect!
    echo "The old password was incorrect!";
    }
    else
    {
    mysql_query("UPDATE table SET password = \"".md5($newpwd)."\"");
    echo "Password has been updated!";
    // again, change md5 in addslashes if you don't hash the passwords. (AddSlashes will prevent an error from occurring when someone picks a password with a " in it)
    }
    }

    Hope that helps

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2002
    Location
    Chester UK
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yeah that helps, I have had a quick glance and some off it is starting to make sense

    I'll try it out tomorrow now, work in the am, cheers, for the help, I am sure this thread will be bumped up about this time tomorrow


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •