Password change script

Results 1 to 4 of 4
  1. 16-02-09 #1
    00niels00
    Account Upgraded | Title Enabled! 00niels00 is offline
    MemberRank
    Sep 2008 Join Date
    The NetherlandsLocation
    1,041Posts

    Password change script

    Hello i'm bussy with a password change script but i got a little problem

    The error:
    Code:
    Parse error: parse error in C:\xampp\htdocs\passchange\index.php on line 47
    The Script:
    Code:
    <FORM method="post" action="<? echo $PHP_SELF;?>">
<table>
<tr>
<td>
<p>Accountname:
</td>
<td>
<input name="name" type="textfield" />
</td>
</tr>
<tr>
<td>
<p>Current Password:
</td>
<td>
<input name="Cpass" type="textfield" />
</td>
</tr>
</tr>
<tr>
<td>
<p>New Password:
</td>
<td>
<input name="Npass" type="textfield" />
</td>
</tr>
<tr>
<td>
<input type="submit" value="change" name="change" />
</td>
</tr>
</form>

<?php
include('config.php');

$name = anti_injection($_POST ["name"]);
$Cpass = anti_injection($_POST ["Cpass"]);
$Npass = anti_injection($_POST ["Npass"]);

if(isset($_POST['change']))
{
odbc_exec ($connect, "SELECT * FROM login WHERE UserID='".$name."'");
if($Cpass==$row['Password'])
{
odbc_exec ("UPDATE login SET Password="'.$Npass.'" WHERE Password='".$Cpass."'");
}
else
{
echo"Wrong Password";
}
}

?>
    Can some one help me
    Reply With Quote Reply With Quote
  2. Check out our sponsor
    Password change script
  3. 16-02-09 #2
    Solaire
    Praise the Sun! Solaire is offline
    MemberRank
    Dec 2007 Join Date
    Undead BurgLocation
    2,862Posts

    Re: Password change script

    PHP Code:
    odbc_exec ("UPDATE login SET Password='".$Npass."' WHERE Password='".$Cpass."'"); 
    Reply With Quote Reply With Quote
  4. 17-02-09 #3
    00niels00
    Account Upgraded | Title Enabled! 00niels00 is offline
    MemberRank
    Sep 2008 Join Date
    The NetherlandsLocation
    1,041Posts

    Re: Password change script

    No errors any more. I use this now:
    PHP Code:
    <FORM method="post" action="<? echo $PHP_SELF;?>">
    <table>
    <tr>
    <td>
    <p>Accountname:
    </td>
    <td>
    <input name="name" type="textfield" />
    </td>
    </tr>
    <tr>
    <td>
    <p>Current Password:
    </td>
    <td>
    <input name="Cpass" type="textfield" />
    </td>
    </tr>
    </tr>
    <tr>
    <td>
    <p>New Password:
    </td>
    <td>
    <input name="Npass" type="textfield" />
    </td>
    </tr>
    <tr>
    <td>
    <input type="submit" value="change" name="change" />
    </td>
    </tr>
    </form>

    <?php
    include('config.php');

    $name anti_injection($_POST ["name"]);
    $Cpass anti_injection($_POST ["Cpass"]);
    $Npass anti_injection($_POST ["Npass"]);

    if(isset(    $_POST['change']))
    {
    odbc_exec ($connect"SELECT * FROM login WHERE UserID='".$name."'");
    if(    $Cpass==$row['Password'])
    {
    odbc_exec ("UPDATE login SET Password='".$Npass."' WHERE Password='".$Cpass."'");  
    echo    "Changed Succesfully!";
    }
    else
    {
    echo    "Wrong Password";
    }
    }

    ?>
    But it script always says Wrong password if it is uncorrect or correct.

    And if i do this:
    PHP Code:
    ini_set('display_errors'1);
    error_reporting(E_ALL); 
    I get this:
    Code:
    Notice: Undefined index: name in C:\xampp\htdocs\passchange\change.php on line 40

Notice: Undefined index: Cpass in C:\xampp\htdocs\passchange\change.php on line 41

Notice: Undefined index: Npass in C:\xampp\htdocs\passchange\change.php on line 42
    That are this lines:

    $name = anti_injection($_POST ["name"]);
    $Cpass = anti_injection($_POST ["Cpass"]);
    $Npass = anti_injection($_POST ["Npass"]);

    The action anti_injection is in the config.php.

    PHP Code:
    function anti_injection($sql)
    {
    $sql preg_replace(sql_regcase("/(from|select|insert|delete|where|drop table|show tables|#|\*|--|\\\\)/"),"",$sql);
    $sql trim($sql);
    $sql strip_tags($sql);
    $sql addslashes($sql);
    return     $sql;

    ?> 
    Reply With Quote Reply With Quote
  5. 17-02-09 #4
    Solaire
    Praise the Sun! Solaire is offline
    MemberRank
    Dec 2007 Join Date
    Undead BurgLocation
    2,862Posts

    Re: Password change script

    The variable $row is empty. You didn't add any value to it.

    I rewrote it my way. Love it or hate it.

    PHP Code:
    <?php
    //Moop. The include.
    include('config.php');

    //There's absolutely no need to initialisize vaiables. Only causes serverload.

    //If isset? Nah... Server request method.
    if($_SERVER['REQUEST_METHOD'] == "POST")
    {
            //Let's give the variable query a query.
            $query odbc_exec ($connect,"SELECT Password FROM login WHERE UserID='" anti_injection($_POST['name']) . "'");
            //Then fetch it so we have a result.
            odbc_fetch_row($query);
        
            //If the posted password is equal with the password requested from the db...
            if($_POST['Cpass'] == odbc_result($query1))
        {
                //Update the password. Look at the capital L of Login. :]
            //Also... checking for the password only to UPDATE it isn't good enough.
            //And since you have the UserID... why not check it?
            //Oh... and don't forget to connect first before doing the query. :]
                   //AND.... successfully is with both double c and double s =P.
                odbc_exec ($connect,"UPDATE Login SET Password = '" anti_injection($_POST['Npass']) . "' WHERE Password = '" anti_injection($_POST['Cpass']) . "' AND UserID = '" anti_injection($_POST['name']) . "'");  
            echo     "Password changed successfully!";
        }
        else
        {
            echo     "Wrong Password";
        }
    }
    ?>
    Reply With Quote Reply With Quote


« Previous Thread | Next Thread »

Advertisement