Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <?php
- echo "<h1>Changing password</h1>";
- session_start();
- $user = $_SESSION['username'];
- if ($user)
- {
- // if the user is logged in
- echo("<p>
- <form action='changepassword.php' method='POST'>
- Old password: <input type='password' name='oldpass'/><br />
- New password: <input type='password' name='newpass'/><br />
- Repeat new password: <input type='password' name='repeatnewpass'/><br ?>
- <input type='submit' name='submit' value='Change my password'/>
- </p>");
- if ($_POST['submit'])
- {
- //check fields
- $oldpass = md5($_POST['oldpass']);
- $newpass = md5($_POST['newpass']);
- $repeatnewpass = md5($_POST['repeatnewpass']);
- // check password against db
- // connect db
- include('connection.php');
- // the problem is this query
- $queryget = mysql_query("SELECT password FROM users WHERE username=['$user']") or die("Wrong query.");
- $row = mysql_fetch_assoc($queryget);
- $oldpass = $row['password'];
- // compare passwords
- if ($oldpass==$oldpassdb)
- {
- // it never echo this even if the password if correct
- echo "hello";
- }
- else
- {
- die ("The old password is wrong.");
- }
- }
- }
- else
- die ("<font size = 4>You must be logged in to change your <b>password</b>.</font>");
- ?>
Add Comment
Please, Sign In to add comment
