This page is to allow the user to change his password after having previously logged in.
I can’t seem to see why my UPDATE isn’t working … the code is picking up the correct values of the variables from the form, there isn’t any issue with the mySQL query that I can see, but somehow the UPDATE isn’t reaching the database.
I tried other threads on this forum, and stared at the code for hours trying different things, but what I think I really need is a fresh pair of eyes. Can anyone help me please?
<?php
require_once("inc/session.php");
require_once("inc/connect_db.php");
require_once("inc/functions.php");
include_once("inc/form_functions.php");
?>
<?php
if ($_POST['submit'] == "Change Password") { // form has been submitted
$errors = array();
//perform validations on the form data
$required_fields = array('new_password', 'confirm_password');
$errors = array_merge($errors, check_required_fields($required_fields, $_POST));
$fields_with_lengths = array('new_password' => 20, 'confirm_password' => 20);
$errors = array_merge($errors, check_max_field_lengths($fields_with_lengths, $_POST));
$id = $_POST['id'];
$new_password = md5(trim(mysql_prep($_POST['new_password'])));
$confirm_password = md5(trim(mysql_prep($_POST['confirm_password'])));
// print out passwords to check whether variables have picked up the values
print("<p class=\\"report\\">$new_password :: $confirm_password</p>");
if (empty($errors)) { // there are no form errrors
// the user is already logged in, so his old password does not need to be checked
if ($new_password == $confirm_password) { // the two instances of new password match
// print out id to check whether variable has picked up the value
print("<p class=\\"report\\">$id</p>");
$query = "UPDATE users
SET password = '$new_password'
WHERE id = '$Id' ";
$result = mysql_query($query, $mysql_link);
confirm_query($result);
} else { // the two instances of new password don't match
$msg = "<p class=\\"message\\">Make sure you type the same new password twice.</p>";
}
} else { // there are errors in the form
if (count($errors) == 1) {
$msg = "There was 1 error in the form.";
} else {
$msg = "There were " . count($errors) . " errors in the form.";
}
}
//header('Location: index.php');
//exit;
}
?>
<?php
include_once("inc/header.php");
?>
<h2>Change Password</h2>
<?php
if (!empty($msg)) {
echo $msg;
}
if (!empty($errors)) {
display_errors($errors);
}
?>
<p>Please insert your old password and your new password below:</p>
<form name="add_user" action="change_password.php" method="post">
<table>
<tr>
<td class="label">Username:</td>
<td><input type="hidden" name="id" value="<?php print("{$_SESSION['user_id']}"); ?>" />
<input type="text" name="username" id="username" class="textbox" maxlength="30" value="<?php print("{$_SESSION['username']}"); ?>" /><td>
</tr>
<tr>
<td class="label">New Password:</td>
<td><input type="password" name="new_password" id="password" class="textbox" maxlength="20" value=""/></td>
</tr>
<tr>
<td class="label">Confirm New Password:</td>
<td><input type="password" name="confirm_password" id="password" class="textbox" maxlength="20" /></td>
</tr>
<tr>
<td class="label"> </td>
<td><input type="submit" name="submit" id="submit" class="button" value="Change Password"/></td>
</tr>
</table>
</form>
<?php
include_once("inc/footer.php");
?>