2

Found the answer!!

Found the answer after a long break from looking at it!

was just simply changing

$querynewpass = "UPDATE tz_members SET `pass`='".$_POST['$passwordnew1']."' WHERE usr='{$_SESSION['usr']}'";

to:

$querynewpass = "UPDATE tz_members SET `pass`='".md5($_POST['passwordnew1'])."' WHERE usr='{$_SESSION['usr']}'";

just the simple md5 that i had missed off!

The Problem:

im trying to change a user password using a form where they enter their current password and a new password. it should check the mySQL database to see if their current password that was entered matches the current session user they are logged into and then update the mySQL database to the new password. Here is the script i have for it so far:

if($_POST['submit']=='Change')
{
    // Checking whether the Password Change form has been submitted
    
    $err = array();
    // Will hold our errors
    
    
    if(!$_POST['password1'] || !$_POST['passwordnew1'])
        $err[] = 'All the fields must be filled in!';
    
    if(!count($err))
    {
        $_POST['password1'] = mysql_real_escape_string($_POST['password1']);
        $_POST['passwordnew1'] = mysql_real_escape_string($_POST['passwordnew1']);
        
        // Escaping all input data

        $row = mysql_fetch_assoc(mysql_query("SELECT id,usr FROM tz_members WHERE usr='{$_SESSION['usr']}' AND pass='".md5($_POST['password1'])."'"));

        if($row['usr'])
        {
            // If everything is OK change password
            
            $querynewpass = "UPDATE user SET `password`='".$_POST['$passwordnew1']."' WHERE id='".$_SESSION['usr']."'";
                        $resultnewpass = mysql_query($querynewpass) or die(mysql_error()); 
            
        }
        else $err[]='Wrong Password To Start With!';
    }
    
    if($err)
    $_SESSION['msg']['passwordchange-err'] = implode('<br />',$err);
    // Save the error messages in the session

    header("Location: index.php");
    exit;
}

but it comes with an error "Table 'databasename.user' doesn't exist" i have a login and register form that work using this method without error!

UPDATE: i have a database that has a table called tz_members and the columns are id, pass, user, regIP and dt

my mysql query is now:

$querynewpass = "UPDATE tz_members SET `pass`='".$_POST['$passwordnew1']."' WHERE usr='{$_SESSION['usr']}'";

UPDATED AGAIN adding the form code for you to see:

    <!-- Pass Change Form -->
            <form action="" method="post">      
            <?php
                    
                    if($_SESSION['msg']['passwordchange-err'])
                    {
                        echo '<div class="err">'.$_SESSION['msg']['passwordchange-err'].'</div>';
                        unset($_SESSION['msg']['passwordchange-err']);
                    }
                    
                    if($_SESSION['msg']['passwordchange-success'])
                    {
                        echo '<div class="success">'.$_SESSION['msg']['passwordchange-success'].'</div>';
                        unset($_SESSION['msg']['passwordchange-success']);
                    }
                ?>
                    
                <label class="grey" for="password1">Current Password:</label>
                <input class="field" type="password" name="password1" id="password1" value="" size="23" />
                <label class="grey" for="password">New Password:</label>
                <input class="field" type="password" name="passwordnew1" id="passwordnew1" size="23" />
                <input type="submit" name="submit" value="Change" class="bt_register" />
            </form>
Improve this question
5
  • 3
    Well your error is not lying to you. That table does not exist in that database. Either a typo, or maybe you are connecting to the wrong database ... Commented Jan 17, 2012 at 10:51
  • 2
    Your select query has table name tz_members & update is having user..Might you are doing something wrong here Plz check Commented Jan 17, 2012 at 10:52
  • Are you certain you have a table called "user"? Because you're fetching data from a table called tz_members... Commented Jan 17, 2012 at 10:52
  • @JanHančič sorry, that was a typo, fixed that problem! Commented Jan 17, 2012 at 11:42
  • @RikeshShah I have sorted this error and now im just getting an empty field in the database under the 'pass' column for the user Commented Jan 17, 2012 at 11:44

4 Answers 4

Reset to default
3

Your are using two different tables (and columns) in the two queries that seem to be related to the same table.

Check your schema and adjust the second query appropriately.

The second query should probably be something along the lines of:

$querynewpass = "UPDATE tz_members SET `pass`='".md5($_POST['passwordnew1'])."' WHERE usr='{$_SESSION['usr']}'";
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

I have just tried this and now get no error, but the database doesn't update
@OliverWhysall Have you tried echoing $_POST['$passwordnew1'] before the query to see if it contains any value? If not your problem is now in the html form processing...
please see update to original question for the form code. I cant see an error there that stands out massively
@OliverWhysall I'm glad you found the answer... but the line you changed is exactly what I posted in my first reply!
i know! i had pasted it in but i had stupidly changed the file on dreamweaver after i had changed it online and it just saved over so what i thought i had changed was back to what i had before! thank you for your help
0

check your database. maybe user table is not present. and another thing, during the update, you are updating password without encryption, but you were fetching data from tz_members table by matching the encrypted password. so final solution from me: check your database and see if there are any user table or not. have fun

Improve this answer

Comments

0

I was trying to do the same thing as you I finally did get it to work, it might have been helpful for you to post the correct completed code so anyone else that is looking for this could view the solution.

The only error I found which took me a few mins to debug with the above code was the following:

$querynewpass = mysql_query("UPDATE tz_members SET `pass`='".md5($_POST['passwordnew1'])."' WHERE usr='{$_SESSION['usr']}'");

was the addition of the mysql_query() tag after that was added the code works great thanks fro sharing.

Improve this answer

Comments

0

Try this code:

$SQL = "UPDATE `table-name` SET `password` = '".$newpassword."' WHERE `tablename`.`ID` = '".$_SESSION["database ID"];."';";
Improve this answer

1 Comment

please add an explanation to your answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.