(adsbygoogle = window.adsbygoogle || []).push({}); Here is the script ive been making. everything seems to work, but it doesn't update the users password.

    

<?php

$host="****SECRET*****"; // Host name 

$username="****SECRET****"; // Mysql username 

$password="****SECRET****"; // Mysql password 

$db_name="****SECRET*****"; // Database name 

$tbl_name="members"; // Table name

 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 

mysql_select_db("$db_name")or die("cannot select DB");



//take the username and prevent SQL injections 

$username = mysql_real_escape_string($username); 



//variables for new/old passess

$newpass = $_POST['newpass'];

$confirmpass = $_POST['confirmpass'];

$id = $POST['id'];



//sure proof denies

$count = 0;



//Checks for the cookie

if (isset($_COOKIE["mycookie"])) {

  $count = 1;

  } else {

  $count = 0;

  }



// If result matched $myusername and $mypassword, table row must be 1 row



  if ($count==1) { 

	setcookie('mycookie', 'Test mycookie', time()+3600*24);

	

//display all users

$display = mysql_query("SELECT * FROM members ORDER BY ID");

	

//begin the query 

$sql = mysql_query("SELECT * FROM $tbl_name WHERE username = '".$username."' LIMIT 1");



//acutal shit

if (isset($_POST['password']))

 

{ 

//Prevent SQL injections 

$username = mysql_real_escape_string($_POST['username']); 

 

//Get MD5 hash of password 

$password = sha256(md5(sha1(sha512(mysql_real_escape_string($_POST['password']))))); 



//Check to see if username exists 

$sql = ("SELECT * FROM $tbl_name WHERE password = '".$password."' ");

$result = mysql_query($sql);



if (mysql_num_rows($result) < 1) {

	echo "That is not your current password";

	} else {

		if ($confirmpass==$newpass) {

		$querynew = ("UPDATE $tbl_name SET password='$newpass' WHERE id='$session[id]'");

		$resultnew = mysql_query($querynew) or die(mysql_error());

		echo "Password changed!";

		} else {

		echo "Passwords Do not match!";

		}

	}

} else {

 echo "Change your password";

}



echo "`

<html></html>

<a href='index.php'>Go Back</a>

<center>

<table>

<form action='change.php' method='post'>

<tr><td>Current Password:</td><td><input name='password' type='text' /></tr></td><br />

<tr><td>New Password:</td><td><input name='newpass' type='text' /></td></tr><br />

<tr><td>Confirm Password:</td><td><input name='confirmpass' type='text' /></td></tr><br />

<tr><td><input type='submit' value='Change Password' /></td></tr>

</table>

</form>

</center>

";



//html for display all users

echo "<center><table border='1'>

<tr>

<th>UserName</th>

<th>ID</th>

</tr>";



while($row = mysql_fetch_array($display))

  {

  echo "<tr>";

  echo "<td>" . $row['username'] . "</td>";

  echo "<td>" . $row['id'] . "</td>";

  echo "</tr>";

  }

echo "</table></center>";





		} else {

		echo "You do not have permissions on this page!";

		}

?>

In that script you can see that it shows the users and id's of them.

it also displays a form that has to enter the current password, and if it's not right it won't do anything, and then the new passwords have to match to do the process. now the actually update script itself.

$querynew = ("UPDATE $tbl_name SET password='$newpass' WHERE id='$session[id]'");
$resultnew = mysql_query($querynew) or die(mysql_error());

now that SHOULD update the memebers table to the user that is logged in (admin) and change the password with the one posted in the form.

now what's wrong with that script?

1. Your a retard don't come on here and insult me on my thread.

2. I already have a login, and this wasn't what this thread was about so read before your little bitch ass has something to say for it.