website change password

05/18/2011 06:12 shadowkiller990#1
This is not working it says your password has been changed but it dosent load it in the DB whats wrong?

Code:
<?php
include('config.php');
?>
<?php
if($_POST['user']){
mysql_select_db($mydbacc);
					$userid = trim($_POST['id']);
					$password=trim($_POST['pass']);
					$passretype=trim($_POST['repass']);
					$hash=$_POST['hash'];
					$hash1=$_POST['hash1'];
					$cpass = trim($_POST['cpass']);
					$sql = "SELECT * FROM account WHERE name='$userid'";
					$query = mysql_query($sql) or die(mysql_error());
					$row = mysql_fetch_object($query);
					$curpass = htmlspecialchars($row->password);
					$secretquestion = htmlspecialchars($row->secret_question);
					$secretanswer = htmlspecialchars($row->secret_answer);
					$email = htmlspecialchars($row->email);
$res = mysql_query("select * from account where name = '".$userid."' order by id desc");
								if(mysql_num_rows($res) == 0)
								{
								Echo "Sorry that username doesnt exist";
								}else{
							echo "
							<form method=\"post\" action=\"changepw1.php\">
<TABLE align=\"center\">
<tr><td>
<br />
Enter the correct info and your password will be changed. For the email, it will be the one you used to sign up with.<tr><td>
<tr><td align=\"center\">Login Name:</tr></td>
<tr><td align=\"center\"><input type=\"text\" size=\"20\" name=\"userc\"/></tr></td>
<tr><td align=\"center\">Current Password:</tr></td>
<tr><td align=\"center\"><input type=\"hidden\" name=\"hash1\">
<input type=\"password\" size=\"20\" name=\"curpass\" onBlur=\"hash1.value=login(curpass.value)\"/></tr></td>
<tr><td align=\"center\">New Password:</td></tr>
<tr><td align=\"center\"><input type=\"password\" size=\"20\" name=\"newpas\"/></td></tr>
<tr><td align=\"center\">Retype New Password:</td></tr>
<tr><td align=\"center\"><input type=\"password\" size=\"20\" name=\"renew\"/></td></tr>
<tr><td align=\"center\">
<input type=\"hidden\" name=\"hash\"><input class=Butt type=submit onClick=\"hash.value = login(newpas.value)\" value=\"Change Password\" name=B1>
</td></tr>
</TABLE>
</form>
							";
							}//end else
}
?>
<?php
			if($_POST['B1'])
			{
			mysql_select_db($myaccount);
					$userid = trim($_POST['userc']);
					$password=trim($_POST['curpass']);
					$passretype=trim($_POST['repass']);
					$hash=$_POST['hash'];
					$hash1=$_POST['hash1'];
					$newpass = trim($_POST['newpas']);
					$renewpass = trim($_POST['renew']);
					$sql = "SELECT * FROM account WHERE name='$userid'";
					$query = mysql_query($sql) or die(mysql_error());
					$row = mysql_fetch_object($query);
					$curpass = htmlspecialchars($row->password);

$res = mysql_query("select * from account where name = '".$userid."' order by id desc");
								if(mysql_num_rows($res) == 0)
								{
								Echo "Sorry that username doesnt exist";
								}else{
				if($hash1 != $curpass)
					{
						echo "Your current password was typed wrong";
					}
					else{
					if($newpass != $renewpass)
					{
						echo "Your New paswords dont match";
					}
					else{
					$sql = "UPDATE account SET password='$hash' WHERE name='$userid'";
					$query = mysql_query($sql) or die(mysql_error());

									echo "Password Changed correctly ";


					}


					}

}
}

			?>
05/18/2011 06:21 Jack Sparrow#2
Code:
<script type="text/javascript" src="inc/md5.js"></script>
<?php
include('config.php');
  ?>
<form method="post">
<TABLE align="center">
<tr><td>
<br />
Enter the correct info and your password will be changed. For the email, it will be the one you used to sign up with.<tr><td>
<tr><td align="center">Login Name:</tr></td>
<tr><td align="center"><input type="text" size="20" name="userc"/></tr></td>
<tr><td align="center">Current Password:</tr></td>
<tr><td align="center"><input type="hidden" name="hash1">
<input type="password" size="20" name="curpass" onBlur="hash1.value=login(curpass.value)"/></tr></td>
<tr><td align="center">New Password:</td></tr>
<tr><td align="center"><input type="password" size="20" name="newpas"/></td></tr>
<tr><td align="center">Retype New Password:</td></tr>
<tr><td align="center"><input type="password" size=\"20\" name="renew"/></td></tr>
<tr><td align="center">
<input type="hidden" name="hash"><input class=Butt type=submit onClick="hash.value = login(newpas.value)" value="Change Password" name=B1>
</td></tr>
</TABLE>
</form>

<?php
			if($_POST['B1'])
			{
			mysql_select_db($mydbacc);
					$userid = trim($_POST['userc']);
					$password=trim($_POST['curpass']);
					$passretype=trim($_POST['repass']);
					$hash=$_POST['hash'];
					$hash1=$_POST['hash1'];
					$newpass = trim($_POST['newpas']);
					$renewpass = trim($_POST['renew']);
					$sql = "SELECT * FROM account WHERE name='$userid'";
					$query = mysql_query($sql) or die(mysql_error());
					$row = mysql_fetch_object($query);
					$curpass = htmlspecialchars($row->password);

$res = mysql_query("select * from account where name = '".$userid."' order by id desc");
								if(mysql_num_rows($res) == 0)
								{
								Echo "Sorry that username doesnt exist";
								}else{
				if($hash1 != $curpass)
					{
						echo "Your current password was typed wrong";
					}
					else{
					if($newpass != $renewpass)
					{
						echo "Your New paswords dont match";
					}
					else{
					$sql = "UPDATE account SET password='$hash' WHERE name='$userid'";
					$query = mysql_query($sql) or die(mysql_error());

									echo "Password Changed correctly ";


					}


					}

}
}

			?></div>
give this a try works pretty fine for me
05/18/2011 06:29 shadowkiller990#3
Thank you so much for helping once again =-D