Hey guys, I am creating a form that allows a logged in user to enter a new password for their, account, I already have the query set up to update the password, but in my form I have the first input set to take the existing password, which must match the existing value of password in the database before the update will be performed. I cannot figure out how to do this check, the whole thing must be done with one POST submit. Check the entered password matches the one currently in the database and if it matches then updates the current value to that of the passwordnew value. here is my form:
<fieldset>
<legend>Change Password</legend>
<form action="changepass.php" method="POST">
<label>Current Password :</label>
<input type="password" name="password" /><br />
<label>New Password :</label>
<input type="password" name="passwordnew" /><br/>
<label>Repeat New Password :</label>
<input type="password" name="passwordnewRepeat" /><br/>
<input class="signbutt" type="submit" value="Save"/><br />
</form>
</fieldset>
here is the SQL i have for the password update:
$userid = $_SESSION['userID'];
$passwordnew=$_POST['passwordnew'];
$password=$_POST['password'];
$password_hash = md5($passwordnew);
if ($password)
$sql = "UPDATE cryptuser SET password='" . $password_hash."' WHERE userID ='" . $userid ."' ";
//Check SQL Query
$stmt = sqlsrv_query( $conn, $sql,array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
if(!$stmt)
{
die('An error has occured with your registration. If this is an indeliberate occurance,
please report this to us through the contact us page with details of the error.');
}
else{
echo'Your password was changed';
}
I have a third input which I will later use JavaScript to compare the new password with a re-enter.
If anyone can help me figure out how to do this that would be great!
Thanks
WHERE password = '“.md5($password).” AND userID = ‘“.$userid.”’";
then add a line for checking if [FPHP]sqlsrv_rows_affected[/FPHP] == 1.
Hey Starlion, could you please explain the check part I have been trying to get it the way you suggested and I cant output the result: Here is my updated code:
$passwordnew=$_POST['passwordnew'];
$password=$_POST['password'];
$password_hash = md5($passwordnew);
$sql = "UPDATE cryptuser SET password='" . $password_hash."' WHERE password = '".md5($password)."' AND userID ='" . $userid ."' ";
//Check SQL Query
$stmt = sqlsrv_query( $conn, $sql,array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
if(!$stmt)
{
die('An error has occured with your registration. If this is an indeliberate occurance,
please report this to us through the contact us page with details of the error.');
}
if ($password_hash != md5($passwordnew))
{
echo'password not match';
}
elseif ($password_hash == md5($passwordnew)){
echo'Your password was changed';
}
sqlsrv_rows_affected will tell you how many rows were affected by the previous UPDATE query. If the person gave a bad ‘current password’, then the WHERE clause would cause the update query to update 0 rows. If they gave a correct current password, then the UPDATE query would have affected 1 row.
I think I am almost there I always get password incorrect whether the row was updated or not, any suggestions why?
$passwordnew=$_POST['passwordnew'];
$password=$_POST['password'];
$password_hash = md5($passwordnew);
$sql = "UPDATE cryptuser SET password='" . $password_hash."' WHERE password = '".md5($password)."' AND userID ='" . $userid ."' ";
//Check SQL Query
$stmt = sqlsrv_query( $conn, $sql,array(), array( "Scrollable" => SQLSRV_CURSOR_KEYSET ));
$rows_affected = sqlsrv_rows_affected( $stmt);
if( $rows_affected == 0) {
die('password incorrect');
}
if( $rows_affected == 1) {
echo'Your password was changed';
}
if(!$stmt)
{
die('An error has occured with your registration. If this is an indeliberate occurance,
please report this to us through the contact us page with details of the error.');
}
Is the row updating? Have you verified that? Try making it === 0 instead of ==… (Might be returning FALSE)
The row is definitely updating, I changed it to === now I am just getting a blank screen whether the password is correct or not, but when I enter the correct password it will change the password to the desired new password. I have no idea why the output isn’t working
sqlsrv for some reason is returning FALSE, despite actually completing the transaction. (you can verify this by doing var_dump(sqlsrv_rows_affected($stmt)); It should come up as bool(false))
Yes you are right it is indeed returning bool(false)
I have no idea why because I know the password is changing I am checking it every time.
Yes, that’s very strange…I’m going to tag a few people here…
@Cups @r937 @guido2004 : Guys, any idea why this function might be throwing FALSE while still executing?
I really appreciate your help with this!!
Cheers!
I never used the sqlsrv extension, but after reading the manual I’d advise you to try what you can see in example #1
$rows_affected = sqlsrv_rows_affected( $stmt);
if( $rows_affected === false) {
die( print_r( sqlsrv_errors(), true));
} elseif( $rows_affected == -1) {
echo "No information available.<br />";
} else {
echo $rows_affected." rows were updated.<br />";
}
And see what happens.
Hi Guido2004, my code originally came from the exact source you suggested. I have tried the exact same code as the manual and it still returns false, even when the password is being updated. Thanks for your input.
Did you add the if-elseif-else? It should give you an error message if rows_affected is false.
I did add everything, and nothing changed, but now I deleted the last half of my statement now it is doing something else, it seems to be working, if I could just figure out how to convert it into “The password was changed” or “Incorrect password, try again”
Here is my latest code:
$passwordnew=$_POST['passwordnew'];
$password=$_POST['password'];
$password_hash = md5($passwordnew);
$sql = "UPDATE cryptuser SET password='" . $password_hash."' WHERE password = '".md5($password)."' AND userID ='" . $userid ."' ";
//Check SQL Query
$stmt = sqlsrv_query( $conn, $sql);
var_dump(sqlsrv_rows_affected($stmt));
$rows_affected = sqlsrv_rows_affected( $stmt);
if( $rows_affected === false) {
echo "Password incorrect.<br />";
} elseif( $rows_affected === true) {
echo $rows_affected." Password was changed.<br />";
}
?>
So now when the password is successfully changed I see this: int(1) and when it is not changed, I see: int(0)
Perhaps this is because I am still dumping the sqlsrvrows_affected??
Any suggestions how I can get it to output my strings ?
Many thanks for all your help!