
Since I'm new to PHP and do not know much, my problem is that I checked every bit of syntax in my code and still I get this error "password didnt match", even if the old password in the database matches my old password field. Hope you can help me, and sorry for my bad formatting, I'm still a newbie.

Here's my code.

<?php

$submit = strip_tags($_POST['submit']);
$username = strtolower(strip_tags($_POST['username']));
$oldpassword = strip_tags($_POST['oldpassword']);
$newpassword = strip_tags($_POST['newpassword']);
$firstname = strip_tags($_POST['first']);
$lastname = strip_tags($_POST['last']);
$gender = strip_tags($_POST['gender']);
$address = strip_tags($_POST['address']);
$zipcode = strip_tags($_POST['zip']);
$contact = strip_tags($_POST['con']);
$email = strip_tags($_POST['mail']);

error_reporting(0);

if($submit)
{
    if($username&& $oldpassword && $newpassword && $firstname && $lastname && $address && $zipcode && $contact && $email)
    {
        $connect = mysql_connect("localhost","root","") or die(mysql_error());
        mysql_select_db("brightlights") or die(mysql_error());

        $updatecheck = mysql_query("SELECT * FROM tb_user WHERE username='$username'");
        $count = mysql_num_rows($updatecheck);
        if($count<=1)
        {
            if($password==($oldpassword))
            {
                mysql_query("UPDATE tb_user SET
                    username = '$username',
                    password = '$newpassword',
                    Firstname = '$firstname',
                    Lastname = '$lastname',
                    gender = '$gender',
                    address = '$address',
                    zipcode = '$zipcode',
                    contact = '$contact',
                    email = '$email'
                    WHERE username='".$_SESSION['username']."'");
                $_SESSION['username'] = $username;
                $_SESSION['password'] = $newpassword;
                $_SESSION['Firstname'] = $firstname;
                $_SESSION['Lastname'] = $lastname;
                $_SESSION['gender'] = $gender;
                $_SESSION['address'] = $address;
                $_SESSION['zipcode'] = $zipcode;
                $_SESSION['contact'] = $contact;
                $_SESSION['email'] = $email;
                session_write_close();
                echo "Succesfully Updated!";
            }else
                echo "Password not match!";
        }else
            echo "Username already Taken!";
    }else
        echo "Please fill up all form!";
}
?>
  • Also, I believe there should be a space between $username&& $oldpassword ? Commented Dec 5, 2010 at 2:38
  • I have done that already and it's still an error, still getting that message. Commented Dec 5, 2010 at 2:41
  • @Elliot why would you use === ? If == isn't working, === is definitely not going to work. Commented Dec 5, 2010 at 2:48
  • Can someone help me with this? I really could use some help. Commented Dec 5, 2010 at 2:50
  • The $password refers to the password in my database. I have done it like this before: if($_SESSION['password']==($oldpassword)), but still I get the error "password not match". I don't know what to do. Commented Dec 5, 2010 at 2:51

3 Answers

1

Instead of retrieving the old password through the request, retrieve it from the database.

$query = mysql_query("SELECT password FROM tb_user WHERE username='$username' LIMIT 1");
$count = mysql_num_rows($query);

if($count==1)
{
  $result = mysql_fetch_assoc($query);
  if($newpassword==$result["password"])
  {
......

As a side note: always hash passwords when persisting/comparing them. This article describes most of it:

http://phpsec.org/articles/2005/password-hashing.html


5 Comments

This is the error message I'm getting: Notice: Undefined index: password in C:\xampp\htdocs\FO\account.php on line 101 Password not match!
Are you using what I wrote? If you successfully select 1 row (using the SQL I provided), you shouldn't have that issue. Else, print the content of $result, e.g. var_dump($result);
That is because your logic is wrong. You try to update a user but disallow the update because the user already exists...
The correct logic would be to look up the user by identity (userid) instead of username, then compare whether the username differs from the one that the user already had. If the username differs, you would then check whether it exists or not; if it exists, show a message; else just continue with the update.
Pardon me, but could you please correct my syntax, sir? Can you cite the correct syntax that I should use and do it in my code, please? I'm only a beginner.
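An added example, not part of the answer or the asker's code, of the approach the answer and its comments describe: look the account up by its id, check the submitted old password against a stored hash, and only then test whether a changed username is free. The `id` column, the sample accounts and the in-memory SQLite database (standing in for MySQL) are assumptions made for the demo.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tb_user (
    id INTEGER PRIMARY KEY,          -- assumed identity column
    username TEXT UNIQUE NOT NULL,
    password TEXT NOT NULL)');       // holds a password_hash() value, never plaintext
$ins = $db->prepare('INSERT INTO tb_user (username, password) VALUES (?, ?)');
$ins->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);
$ins->execute(['bob', password_hash('bobs-secret', PASSWORD_DEFAULT)]);

// $userId comes from the logged-in session, never from the submitted form.
function updateAccount(PDO $db, int $userId, string $username,
                       string $oldPassword, string $newPassword): string
{
    // Fetch the stored hash by identity; placeholders keep input out of the SQL text.
    $stmt = $db->prepare('SELECT username, password FROM tb_user WHERE id = ?');
    $stmt->execute([$userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return 'No such user';
    }
    // Verify the submitted old password against the stored hash.
    if (!password_verify($oldPassword, $row['password'])) {
        return 'Old password does not match';
    }
    // Only check availability when the username actually changes.
    $username = strtolower($username);
    if ($username !== $row['username']) {
        $taken = $db->prepare('SELECT 1 FROM tb_user WHERE username = ?');
        $taken->execute([$username]);
        if ($taken->fetchColumn() !== false) {
            return 'Username already taken';
        }
    }
    $upd = $db->prepare('UPDATE tb_user SET username = ?, password = ? WHERE id = ?');
    $upd->execute([$username, password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    return 'Updated';
}

// Three constructed requests for user id 1: wrong old password,
// a username that belongs to someone else, and a valid change.
echo updateAccount($db, 1, 'alice', 'wrong-guess', 'new-secret'), PHP_EOL;
echo updateAccount($db, 1, 'bob', 'old-secret', 'new-secret'), PHP_EOL;
echo updateAccount($db, 1, 'alice', 'old-secret', 'new-secret'), PHP_EOL;
```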
0

Just print both password and oldpassword and check the contents:

print($password);
print($oldpassword);

if($password==($oldpassword))

Why do you encapsulate the old password?

1 Comment

You didn't get my problem correctly, let me post another. Sorry for my bad formatting.
0

Use

if($newpassword==$oldpassword)

instead of

if($password==($oldpassword))

I think your problem will be solved. And try to get oldpass from the database.
