Post: PHP Change Password ISSUE MYSQL
Options
10-17-2011, 07:40 PM
#1
Jakes625
Guest
<?php
$host="****SECRET*****"; // Host name
$username="****SECRET****"; // Mysql username
$password="****SECRET****"; // Mysql password
$db_name="****SECRET*****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//variables for new/old passess
$newpass = $_POST['newpass'];
$confirmpass = $_POST['confirmpass'];
$id = $POST['id'];
//sure proof denies
$count = 0;
//Checks for the cookie
if (isset($_COOKIE["mycookie"])) {
$count = 1;
} else {
$count = 0;
}
// If result matched $myusername and $mypassword, table row must be 1 row
if ($count==1) {
setcookie('mycookie', 'Test mycookie', time()+3600*24);
//display all users
$display = mysql_query("SELECT * FROM members ORDER BY ID");
//begin the query
$sql = mysql_query("SELECT * FROM $tbl_name WHERE username = '".$username."' LIMIT 1");
//acutal shit
if (isset($_POST['password']))
{
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
//Get MD5 hash of password
$password = sha256(md5(sha1(sha512(mysql_real_escape_string($_POST['password'])))));
//Check to see if username exists
$sql = ("SELECT * FROM $tbl_name WHERE password = '".$password."' ");
$result = mysql_query($sql);
if (mysql_num_rows($result) < 1) {
echo "That is not your current password";
} else {
if ($confirmpass==$newpass) {
$querynew = ("UPDATE $tbl_name SET password='$newpass' WHERE id='$session[id]'");
$resultnew = mysql_query($querynew) or die(mysql_error());
echo "Password changed!";
} else {
echo "Passwords Do not match!";
}
}
} else {
echo "Change your password";
}
echo "`
<html></html>
<a href='index.php'>Go Back</a>
<center>
<table>
<form action='change.php' method='post'>
<tr><td>Current Password:</td><td><input name='password' type='text' /></tr></td><br />
<tr><td>New Password:</td><td><input name='newpass' type='text' /></td></tr><br />
<tr><td>Confirm Password:</td><td><input name='confirmpass' type='text' /></td></tr><br />
<tr><td><input type='submit' value='Change Password' /></td></tr>
</table>
</form>
</center>
";
//html for display all users
echo "<center><table border='1'>
<tr>
<th>UserName</th>
<th>ID</th>
</tr>";
while($row = mysql_fetch_array($display))
{
echo "<tr>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['id'] . "</td>";
echo "</tr>";
}
echo "</table></center>";
} else {
echo "You do not have permissions on this page!";
}
?>
In that script you can see that it shows the users and id's of them.
it also displays a form that has to enter the current password, and if it's not right it won't do anything, and then the new passwords have to match to do the process. now the actually update script itself.
$querynew = ("UPDATE $tbl_name SET password='$newpass' WHERE id='$session[id]'");
$resultnew = mysql_query($querynew) or die(mysql_error());
now that SHOULD update the memebers table to the user that is logged in (admin) and change the password with the one posted in the form.
now what's wrong with that script?
10-17-2011, 08:44 PM
#2
Epic?
Awe-Inspiring
Originally posted by jp4priest
Here is the script ive been making. everything seems to work, but it doesn't update the users password.
In that script you can see that it shows the users and id's of them.
it also displays a form that has to enter the current password, and if it's not right it won't do anything, and then the new passwords have to match to do the process. now the actually update script itself.
$querynew = ("UPDATE $tbl_name SET password='$newpass' WHERE id='$session[id]'");
$resultnew = mysql_query($querynew) or die(mysql_error());
now that SHOULD update the memebers table to the user that is logged in (admin) and change the password with the one posted in the form.
now what's wrong with that script?
<?php
$host="****SECRET*****"; // Host name
$username="****SECRET****"; // Mysql username
$password="****SECRET****"; // Mysql password
$db_name="****SECRET*****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//variables for new/old passess
$newpass = $_POST['newpass'];
$confirmpass = $_POST['confirmpass'];
$id = $POST['id'];
//sure proof denies
$count = 0;
//Checks for the cookie
if (isset($_COOKIE["mycookie"])) {
$count = 1;
} else {
$count = 0;
}
// If result matched $myusername and $mypassword, table row must be 1 row
if ($count==1) {
setcookie('mycookie', 'Test mycookie', time()+3600*24);
//display all users
$display = mysql_query("SELECT * FROM members ORDER BY ID");
//begin the query
$sql = mysql_query("SELECT * FROM $tbl_name WHERE username = '".$username."' LIMIT 1");
//acutal shit
if (isset($_POST['password']))
{
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
//Get MD5 hash of password
$password = sha256(md5(sha1(sha512(mysql_real_escape_string($_POST['password'])))));
//Check to see if username exists
$sql = ("SELECT * FROM $tbl_name WHERE password = '".$password."' ");
$result = mysql_query($sql);
if (mysql_num_rows($result) < 1) {
echo "That is not your current password";
} else {
if ($confirmpass==$newpass) {
$querynew = ("UPDATE $tbl_name SET password='$newpass' WHERE id='$session[id]'");
$resultnew = mysql_query($querynew) or die(mysql_error());
echo "Password changed!";
} else {
echo "Passwords Do not match!";
}
}
} else {
echo "Change your password";
}
echo "`
<html></html>
<a href='https://www.nextgenupdate.com/forums/'>Go Back</a>
<center>
<table>
<form action='change.php' method='post'>
<tr><td>Current Password:</td><td><input name='password' type='text' /></tr></td><br />
<tr><td>New Password:</td><td><input name='newpass' type='text' /></td></tr><br />
<tr><td>Confirm Password:</td><td><input name='confirmpass' type='text' /></td></tr><br />
<tr><td><input type='submit' value='Change Password' /></td></tr>
</table>
</form>
</center>
";
//html for display all users
echo "<center><table border='1'>
<tr>
<th>UserName</th>
<th>ID</th>
</tr>";
while($row = mysql_fetch_array($display))
{
echo "<tr>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['id'] . "</td>";
echo "</tr>";
}
echo "</table></center>";
} else {
echo "You do not have permissions on this page!";
}
?>
In that script you can see that it shows the users and id's of them.
it also displays a form that has to enter the current password, and if it's not right it won't do anything, and then the new passwords have to match to do the process. now the actually update script itself.
$querynew = ("UPDATE $tbl_name SET password='$newpass' WHERE id='$session[id]'");
$resultnew = mysql_query($querynew) or die(mysql_error());
now that SHOULD update the memebers table to the user that is logged in (admin) and change the password with the one posted in the form.
now what's wrong with that script?
Well, I found a few things that are wrong with the script right off the bat.
First off, you have the line "$username = mysql_real_escape_string($username);". Of course, the username variable is being used to store the MySQL username, which is set by you, therefore I see no reason for you to try to SQL Inject that. Furthermore, that's not even really injectable in the first place.
Another thing about that, when you're assigning constant variables, like database usernames, you ought to use the define function. Ideally, what you do is you make a MySQL connect file that looks like this:
define('
B_USER', 'root'
; // MySQL username
define('B_PASS', 'pass'; // MySQL password
define('B_HOST', 'host'; // database host
define('B_NAME', 'name'; // database name
$con = mysql_connect(DB_HOST, DB_USER, DB_PASS)
or die('Fatal error: could not connect to database';
mysql_select_db(DB_NAME, $con)
or die('Fatal error: could not select database';
Then you can include your MySQL connect file wherever necessary using something like "require_once('includes/mysqlconfig.php'
;". Its much easier and more efficient.Moving on, you have the line "$id = $POST['id'];", its $_POST, not $POST.
Then, you check for an apparently random cookie called mycookie, always name your cookies, and give them a logical name.
After that, you use the comment "//acutal shit" to sound like your cool, which is an error, because you spelled "actual" wrong.
You then get the MD5 hash of a password (or claim to in the comment), but you're really getting the SHA256 hash of an MD5 hash of a SHA1 hash of a SHA512 hash of an escaped string of the posted password. Aside from being redundant and a useless waste of time, your comment was wrong.
Finally, once you get to the password changing part of the deal, you have the code "$querynew = ("UPDATE $tbl_name SET password='$newpass' WHERE id='$session[id]'");".
First off, you should limit the update to 1, but your real problem is your checking WHERE id=$session[id]. You're using "$session" instead of "$_SESSION", and "id" should be wrapped in single quotation marks ('id'
.Therefore, your query would be
UPDATE $tbl_name SET password='$newpass' WHERE id='$_SESSION['id']' LIMIT 1
However, prior to using $_SESSION['id'] you first have to store the ID of the user into the $_SESSION superglobal array, AS WELL AS start the session using the session_start() function.
And I can go on to spot multiple things that are wrong with your script (as I scan it I notice that you have <html></html> in the same line). All in all, my recommendation is that you rewrite your script, because there's a LOT of stuff that's wrong with it (most of which I didn't even mention).
The following 2 users say thank you to Epic? for this useful post:
10-17-2011, 10:08 PM
#3
Jakes625
Guest
okay, don't be all nerdy and acting like tough shit.
I know how to include, and what not. Just showing you of all the stuff that is to connect.
I have a custom script for sha256, and sha512. just forgot to take that out.
and //actual shit was to remind me of what does the actually database script. not trying to act cool.
2nd of all, how would you update the file for your password.
cause i have update the table, then set the password to the newpassword posted in the form, where id is the current user's id.
im having trouble getting the users current id to use.
now im trying to be friendly but it's hard when people act like tough shit. I've been coding php for about 2 days now. give me a break please? but if you can honestly help me and not be a jerk about it then please help, and thank you
---------- Post added at 05:08 PM ---------- Previous post was at 04:33 PM ----------
I updated this script a little. of course it's not going to work but am I getting closer?
I know how to include, and what not. Just showing you of all the stuff that is to connect.
I have a custom script for sha256, and sha512. just forgot to take that out.
and //actual shit was to remind me of what does the actually database script. not trying to act cool.
2nd of all, how would you update the file for your password.
cause i have update the table, then set the password to the newpassword posted in the form, where id is the current user's id.
im having trouble getting the users current id to use.
now im trying to be friendly but it's hard when people act like tough shit. I've been coding php for about 2 days now. give me a break please? but if you can honestly help me and not be a jerk about it then please help, and thank you
---------- Post added at 05:08 PM ---------- Previous post was at 04:33 PM ----------
I updated this script a little. of course it's not going to work but am I getting closer?
<?php
$host="****"; // Host name
$username="****"; // Mysql username
$password="****"; // Mysql password
$db_name="****"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
//take the username and prevent SQL injections
$username = mysql_real_escape_string($username);
//variables for new/old passess
$newpass = $_POST['newpass'];
$confirmpass = $_POST['confirmpass'];
//sure proof denies unless has cookie
$count = 0;
//Checks for the cookie, or deny access
if (isset($_COOKIE["mycookie"])) {
$count = 1;
} else {
$count = 0;
}
SESSION_START();
$id = SESSION_ID();
// If result matched $myusername and $mypassword, table row must be 1 row
// sets cookie if cookie is found
if ($count==1) {
setcookie('mycookie', 'Test mycookie', time()+3600*24);
//display all users
$display = mysql_query("SELECT * FROM members ORDER BY ID");
//begin the query
$sql = mysql_query("SELECT * FROM $tbl_name WHERE username = '".$username."' LIMIT 1");
//If password is set then check if correct
if (isset($_POST['password']))
{
//Prevent SQL injections
$username = mysql_real_escape_string($_POST['username']);
// UPDATE NEW PASSWORD with the same encryption as the database
$password = sha1(md5(sha1(sha1(mysql_real_escape_string($_POST['password'])))));
//Check to see if username exists
$sql = ("SELECT * FROM $tbl_name WHERE password = '".$password."' ");
$result = mysql_query($sql);
if (mysql_num_rows($result) < 1) {
echo "That is not your current password";
} else {
if ($confirmpass==$newpass) {
$querynew = ("UPDATE $tbl_name SET password='".$_POST['$newpass']."' WHERE id='".$_SESSION['$id']."' LIMIT 1");
$resultnew = mysql_query($querynew) or die(mysql_error());
echo "Password changed!";
} else {
echo "Passwords Do not match!";
}
}
} else {
echo "Change your password";
}
echo "
<a href='index.php'>Go Back</a>
<center>
<table>
<form action='change.php' method='post'>
<tr><td>Current Password:</td><td><input name='password' type='text' /></tr></td><br />
<tr><td>New Password:</td><td><input name='newpass' type='text' /></td></tr><br />
<tr><td>Confirm Password:</td><td><input name='confirmpass' type='text' /></td></tr><br />
<tr><td><input type='submit' value='Change Password' /></td></tr>
</table>
</form>
</center>
";
//html for display all users
echo "<center><table border='1'>
<tr>
<th>UserName</th>
<th>ID</th>
</tr>";
while($row = mysql_fetch_array($display))
{
echo "<tr>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['id'] . "</td>";
echo "</tr>";
}
echo "</table></center>";
} else {
echo "You do not have permissions on this page!";
}
?>
10-17-2011, 10:30 PM
#4
Epic?
Awe-Inspiring
Originally posted by jp4priest
okay, don't be all nerdy and acting like tough shit.
I know how to include, and what not. Just showing you of all the stuff that is to connect.
I have a custom script for sha256, and sha512. just forgot to take that out.
and //actual shit was to remind me of what does the actually database script. not trying to act cool.
2nd of all, how would you update the file for your password.
cause i have update the table, then set the password to the newpassword posted in the form, where id is the current user's id.
im having trouble getting the users current id to use.
now im trying to be friendly but it's hard when people act like tough shit. I've been coding php for about 2 days now. give me a break please? but if you can honestly help me and not be a jerk about it then please help, and thank you
I know how to include, and what not. Just showing you of all the stuff that is to connect.
I have a custom script for sha256, and sha512. just forgot to take that out.
and //actual shit was to remind me of what does the actually database script. not trying to act cool.
2nd of all, how would you update the file for your password.
cause i have update the table, then set the password to the newpassword posted in the form, where id is the current user's id.
im having trouble getting the users current id to use.
now im trying to be friendly but it's hard when people act like tough shit. I've been coding php for about 2 days now. give me a break please? but if you can honestly help me and not be a jerk about it then please help, and thank you
I already gave you the code/query, did I not?
Here's the query you need:
mysql_query("UPDATE $tbl_name SET password='$newpass' WHERE id=$_SESSION['id'] LIMIT 1");
As I also said previously, you first have to start the session (typically done in the first few lines of a script):
session_start();
But of course, at some point, you'll have to have to first have added the user's ID to the $_SESSION superglobal array; you would have done that in another script (mostly a script pertaining to the user logging in).
Since I now am aware that you are new to PHP, let me give you a breakdown of everything I pointed out earlier (and in this post):
Remember, session_start() starts a new "session" for each new person to visit your site. This session (also referred to as a "session cookie") is something like a cookie, except stored server side (and it disappears after the user closes his or her browser). You can, similar to a cookie, store information in a session. This can be used to pass information about a specific user from one script to another, this information is stored in the $_SESSION superglobal array. Note that you have to call session_start() at the beginning of each script (unless you're calling it in a script that's being included into another). You may want to read more about sessions here: You must login or register to view this content.
Knowing that, we can use sessions to store things like the user ID. We could do this in our log in script:
$query = mysql_query("SELECT user_id, username, password FROM users WHERE username='$username'"); // get the data
$result = mysql_fetch_assoc($query); // fetch the array
// check for correct username and password
if ($username == $result['username'] && $password == $result['password'])
{
session_start(); // start the session
$_SESSION['username'] == $username; // store the username
$_SESSION['user_id'] == $result['user_id']; // store the user's ID
}
While the above script is greatly simplified and totally unsafe (so don't use it), you can easily see how we would set the user's ID.
This will then allow us to use the session information in another script, for example, your script (to change the password of the user), we'd call session_start() and then we'd be able to use all the session data in the query (specifically the user's ID).
If you're new to PHP, I'd highly encourage you to read up on it as much as you can, if you You must login or register to view this content. you'll be taken to a fantastic tutorial on PHP, if you read through that, you should be ready to write some scripts of your own. Also, be sure to gain some basic skills with HTML.
Here's some basic debugging tips:
Please practice properly indenting and styling your code. For example:
// This is BA
if (isset($_COOKIE["mycookie"])) {
$count = 1;
} else {
$count = 0;
}
// This is GOO
if (isset($_COOKIE["mycookie"]))
{
$count = 1;
}
else
{
$count = 0;
}
It may seem odd, but it'll make your code easier to debug (and generally easier to understand and read), both for you and those trying to help you. Its true that there's no truly correct way, but there are ways to make it easier on people (and yourself).
Another tip I'd have is to make sure you allow for errors and warnings (and be sure its set strictly so you get all errors and warnings). When you get an error, do not continue, stop, and go back to your code (also, test your code very frequently, that way you don't amass a large amount of errors). Also, fix both errors and warnings. When you get an error, go to the line where its occurring, and check that line (as well as lines above and below it), if you don't understand the error, just Google it.
Lastly, a development tip, first create a full plan of your website.
Then create a full plan of your database. This "plan" is referred to as a schema, there's plenty of tutorials on how to draw these out (and plenty of visual tools to help you).
After that, you need to plan out your script: what you want it to do, the functions you'll need to create, the functions and constructs that PHP has to offer, and since PHP is primarily written in the procedural paradigm, try to write some pseudo-code to plan it all out.
And finally, write your script, you should know exactly what to write (based on the plan) allowing you to write the code efficiently and quickly. Also, debug your code as errors and warnings come, and be sure to reload the page/script often, that way you can pick up on errors and warnings early.
That will help to cut out confusion.
Just to come full circle, back to the problem at hand. If my explanation did not answer your question, you're going to have to explain your question more clearly.
EDIT/UPDATE:
Just read your update, not really sure if you're actually getting closer (in fact, you may be getting farther, read the first part of my post).
The following user thanked Epic? for this useful post:
10-17-2011, 11:08 PM
#5
Jakes625
Guest
alright i will try some things.
also here is my example of doing things.
index.php ----> if login credentials are correct it gives you a cookie. if they are wrong they do not.
then that cookie determins (fail) whether when they go to index.php again if they are logged in (like a remember me).
so then in "change.php" (the script above) detects the cookie and allows them access. now i was thinking of what you posted.
if I put that where it checks the cookie, then only check the user id, would that be safe? since it only would only be accessable through the cookie?
I'm sorry if I sound stupid :p
also here is my example of doing things.
index.php ----> if login credentials are correct it gives you a cookie. if they are wrong they do not.
then that cookie determins (fail) whether when they go to index.php again if they are logged in (like a remember me).
so then in "change.php" (the script above) detects the cookie and allows them access. now i was thinking of what you posted.
$query = mysql_query("SELECT user_id, username, password FROM users WHERE username='$username'"); // get the data
$result = mysql_fetch_assoc($query); // fetch the array
// check for correct username and password
if ($username == $result['username'] && $password == $result['password'])
{
session_start(); // start the session
$_SESSION['username'] == $username; // store the username
$_SESSION['user_id'] == $result['user_id']; // store the user's ID
if I put that where it checks the cookie, then only check the user id, would that be safe? since it only would only be accessable through the cookie?
I'm sorry if I sound stupid :p
10-18-2011, 12:27 AM
#6
Epic?
Awe-Inspiring
Originally posted by jp4priest
alright i will try some things.
also here is my example of doing things.
index.php ----> if login credentials are correct it gives you a cookie. if they are wrong they do not.
then that cookie determins (fail) whether when they go to index.php again if they are logged in (like a remember me).
so then in "change.php" (the script above) detects the cookie and allows them access. now i was thinking of what you posted.
if I put that where it checks the cookie, then only check the user id, would that be safe? since it only would only be accessable through the cookie?
I'm sorry if I sound stupid :p
also here is my example of doing things.
index.php ----> if login credentials are correct it gives you a cookie. if they are wrong they do not.
then that cookie determins (fail) whether when they go to index.php again if they are logged in (like a remember me).
so then in "change.php" (the script above) detects the cookie and allows them access. now i was thinking of what you posted.
$query = mysql_query("SELECT user_id, username, password FROM users WHERE username='$username'"); // get the data
$result = mysql_fetch_assoc($query); // fetch the array
// check for correct username and password
if ($username == $result['username'] && $password == $result['password'])
{
session_start(); // start the session
$_SESSION['username'] == $username; // store the username
$_SESSION['user_id'] == $result['user_id']; // store the user's ID
if I put that where it checks the cookie, then only check the user id, would that be safe? since it only would only be accessable through the cookie?
I'm sorry if I sound stupid :p
First, I would like to do something that I failed to do last post: I'm sorry for being somewhat abrasive (if its any excuse, I was tired and it didn't sound overly harsh when I read it then), but upon re-reading it, I realize it may have seemed somewhat unkind.
I'd like to apologize once more, as I'm not entirely sure what it is you mean.
Sessions are stored on the server, meaning that the user cannot tamper with the session data (they can tamper with the session ID, which is a completely different thing that you don't need to worry about for the time being).
Sessions only last for the user's "browsing session", meaning that sessions expire once the user closes their browser.
Cookies, on the other hand, are stored with the client. This means that the cookie data is stored with the browser, cookies can be set to expire (and you can force them to expire in your script), but typically cookies still remain active even once the user closes their browser. Since cookies are kept with the client and can last through multiple sessions, it means that the user can tamper with the data stored in the cookie (something to be aware of).
Let me detail the typical program flow for you:
First, the user navigates to your index (home page). You then only want a small script to determine whether or not the user has a cookie or session currently active, thus determining whether or not the user should be granted access.
Your code could look like:
<?php
session_start(); // start the session
// check if the session values are NOT set
if (!isset($_SESSION['user_id']) && !isset($_SESSION['isValid']))
{
header('Location: login.php'; // redirect to login.php (a login form)
die('You are not currently logged in, you are being redirected to the login form. If you are not redirected, <a href="login.php">click here</a>';
}
else
{
// check if the user has been validated (successfully registered, logged in, or whatever other authentication you want to perform)
if ($_SESSION['isValid'] == false)
{
die('Sorry, but your account is not valid currently. Please try again later.';
}
else
{
// run a query to verify that the user_id is legitimate and belongs to a real user
// use conditional logic (if statement) to die() if the user is not legitimate, otherwise, do nothing
}
}
?>
<!-- By this point, you will have determined whether or not the user has successfully logged in -->
<html>
<head>
<title>Yay!</title>
</head>
<body>
<p>Congratulations! You're all logged in and ready to view the content!</p>
</body>
</html>
On the above code (of a sample index.php file) you can see that we're simply checking if the session is set or not, then if we want to maximize security, we determine whether or not the user is truly legitimate or not by querying the database (though this isn't really necessary as session data is stored on the server). Assuming you've successfully logged in, directly beneath you'll see the index page.
However, if at any step, the user turns out to not be logged in we call die(), which kills the script (causing the index page content not to be displayed) and we use header() to send a header that will (hopefully) redirect them to the login form (if not, we give them an option to "click here" and link them to the login form).
Of course, in the above script, you could use sessions as opposed to cookies, just make sure that the cookie is both secure as well as sanitized prior to manipulating it (as the cookie comes from the client, not the server).
Second, if the person is not logged in, they'll have been redirected to login.php (or some sort of login form). In this file, or the script handling the log in, you'll want to set the session or the cookie (and then handle the user accordingly), assuming the user has logged in successfully. You can use the method you posted to do such a thing.
I hope that helps clear things up! Let me know if you have any further questions!
10-18-2011, 02:48 AM
#7
Jakes625
Guest
Yeah that all makes sense, and I have working create user, delete a user, and all that login and such.
just cannot get password to change.
in that script it checks current password and all that but if your saying I can get the session id to work, then I can update via the id of the user on the form? (if that makes sense) sorry for sounding like a dumbass, but php is very hard to learn
just cannot get password to change.
in that script it checks current password and all that but if your saying I can get the session id to work, then I can update via the id of the user on the form? (if that makes sense) sorry for sounding like a dumbass, but php is very hard to learn
10-18-2011, 03:46 AM
#8
Epic?
Awe-Inspiring
Originally posted by jp4priest
Yeah that all makes sense, and I have working create user, delete a user, and all that login and such.
just cannot get password to change.
in that script it checks current password and all that but if your saying I can get the session id to work, then I can update via the id of the user on the form? (if that makes sense) sorry for sounding like a dumbass, but php is very hard to learn
just cannot get password to change.
in that script it checks current password and all that but if your saying I can get the session id to work, then I can update via the id of the user on the form? (if that makes sense) sorry for sounding like a dumbass, but php is very hard to learn
The session ID is not the same as the user ID in the database, believe it or not, things aren't actually that magical (at least not yet).
The session ID is a unique ID generated each session, its completely unrelated, and really functions as a way for PHP to manage sessions.
Again, if you read any of the past few posts, first, you get the user's ID from the database:
SELECT user_id FROM users WHERE username='username'
With that query (or a modified form) you should be able to get the user ID (this should be the primary key of the user's table). You then store this ID in the session:
session_start();
$_SESSION['id'] = $result['id']; //store the resulting id as a session variable
Then, when you want to change the user's password:
session_start();
mysql_query("UPDATE users SET password='$new_password' WHERE id=$_SESSION['id'] LIMIT 1"); // run the update query
Its not particularly complex or confusing (PHP itself is considered a very easy language), if you're really struggling with this, it means you're taking on a project that's over your head and outside of your skill level. When I was learning to program for my first time, I was told the same thing by a bunch of different people, and it pissed me off, but its the truth (and in hindsight, I recognize this). Go back to the tutorial, book, video, or wherever you're learning from, read it and read it again, take notes, do all the practice exercises, then come back and attempt your own program. Sessions are very simple, and handling users is equally simple.
10-18-2011, 03:50 AM
#9
Jakes625
Guest
well I program in C++, java, css, html vb.net and it's kinda hard to do something when your used to doing another
but thanks that clears stuff up a LOT more. If you need anything just let me know :p
---------- Post added at 10:50 PM ---------- Previous post was at 10:49 PM ----------
btw when you say update users, is that the table name or a row in the table??
but thanks that clears stuff up a LOT more. If you need anything just let me know :p
---------- Post added at 10:50 PM ---------- Previous post was at 10:49 PM ----------
btw when you say update users, is that the table name or a row in the table??
10-18-2011, 04:27 AM
#10
Epic?
Awe-Inspiring
Originally posted by jp4priest
well I program in C++, java, css, html vb.net and it's kinda hard to do something when your used to doing another
but thanks that clears stuff up a LOT more. If you need anything just let me know :p
---------- Post added at 10:50 PM ---------- Previous post was at 10:49 PM ----------
btw when you say update users, is that the table name or a row in the table??
but thanks that clears stuff up a LOT more. If you need anything just let me know :p
---------- Post added at 10:50 PM ---------- Previous post was at 10:49 PM ----------
btw when you say update users, is that the table name or a row in the table??
Users is the table name.
It seems to me you're struggling more with the SQL than the PHP, you may want to consider reading a tutorial dedicated to SQL such as You must login or register to view this content..
PHP is actually fairly similar to both C++ and Java in the sense that it shares the same syntax. Its probably most similar to Java in the sense of JSP.
Copyright © 2026, NextGenUpdate.
All Rights Reserved.
