Script php per cambiare password in database mysql

Buona sera a tutti e da ieri che cerco di scrivere uno script php che permetta a un utente loggato di cambiare la password, prima inserendo la vecchia password e poi quella nuona ma lo script non funziona.

Codice PHP:

---

<?php include('config.php'); ?>
<?php if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

<html>
qui c'è il tutto il codice html fino al form

<?php

session_start(); //Ecco il primo errore: Notice: A session had already been started - ignoring session_start()

$user = $SESSION['username']; //Ecco il secondo errore: Notice: Undefined variable: SESSION

if ($user) {


//user is logged in

if ($_POST['submit']) {


// check fields

$oldpassword = sha1($_POST['current_password']);
$newpassword = sha1($_POST['password']);
$repeatnewpassword = md5 ($_POST['verify_password"']);


$queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
$row = mysql_fetch_assoc($queryget);

$oldpassworddb = $row['password'];

echo $olrdpassworddb."
";
echo $oldpassword."
";

//check passwords
if ($oldpassword==$oldpassworddb)
{

// check two new passwords
if ($newpasword==$repeatnewpassword)

{

//success
//change password in db

$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die ("Your password has been changed. <a href='index.php'>Rerturn to main page.");
session_destroy();



} else {

print ("New passwords don't match!");

}



} else {

print ("Old password doesnt match!");

}

} else {

echo "";

}

}
?>

---

È un po' troppo generico dire che "non funziona"...

Ho sbagliato a scrivere mi da 2 errori sono scritto nei commenti dello script

A occhio direi che, per il primo errore, session_start() viene chiamata da qualche altra parte (config.php forse)
Il secondo errore: hai scritto $SESSION ma andrebbe $_SESSION

Grazie mille, incredibile quanto fossero banali gli errori ma ora ne ho un altro che dice Notice: Undefined index: submit il rigo dello script e questo "if ($_POST['submit']) "

Citazione:

---

Originalmente inviato da floopop

Grazie mille, incredibile quanto fossero banali gli errori ma ora ne ho un altro che dice Notice: Undefined index: submit il rigo dello script e questo "if ($_POST['submit']) "

---

Prova così :
Sostituisci questa:
if ($_POST['submit'])

Con questa:
if (!isset($_POST['submit']) || ($POST['submit'] != 'Register'))

Fammi sapere:)

Ora me ne da altri 3 di errori:

$oldpassword = sha1($_POST['current_password']); //Notice: Undefined index: current_password

$newpassword = sha1($_POST['password']); //Notice: Undefined index: password

$repeatnewpassword = sha1 ($_POST['verify_password"']); //Notice: Undefined index: verify_password" Query didnt work

Citazione:

---

Originalmente inviato da floopop

Ora me ne da altri 3 di errori:

$oldpassword = sha1($_POST['current_password']); //Notice: Undefined index: current_password

$newpassword = sha1($_POST['password']); //Notice: Undefined index: password

$repeatnewpassword = sha1 ($_POST['verify_password"']); //Notice: Undefined index: verify_password" Query didnt work

---

Puoi postarmi tutta la pagina?

Non posto proprio tutto perchè sono 410 righe comunque:

Codice PHP:

---

<?php include('config.php'); ?>
<?php if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

<?php
$dnn = mysql_fetch_array(mysql_query('select username from users where username="'.$_SESSION['username'].'"'));
$username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
?>

<?php

$user = $_SESSION['username'];

if ($user) {


//user is logged in

if (!isset($_POST['submit']) || ($POST['submit'] != 'Register')) {


// check fields

$oldpassword = sha1($_POST['current_password']);
$newpassword = sha1($_POST['password']);
$repeatnewpassword = sha1 ($_POST['verify_password"']);

$queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
$row = mysql_fetch_assoc($queryget);

$oldpassworddb = $row['password'];

echo $olrdpassworddb."
";
echo $oldpassword."
";

//check passwords
if ($oldpassword==$oldpassworddb)
{

// check two new passwords
if ($newpasword==$repeatnewpassword)

{

//success
//change password in db

$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die ("Your password has been changed. <a href='index.php'>Rerturn to main page.");
session_destroy();



} else {

print ("New passwords don't match!");

}



} else {

print ("Old password doesnt match!");

}

} else {

echo "";

}

}
?>

<form action="<?= $_SERVER['PHP_SELF']; ?>" method="post" name="profilechgpassword">
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> Your current Password&nbsp;
</div>
<input type="password" class="form-control" name="current_password" value="" id="password" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> New Password&nbsp;
</div>
<input type="password" class="form-control" name="password" value="" id="password1" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> Verify New Password&nbsp;
</div>
<input type="password" class="form-control" name="verify_password" value="" id="password2" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<button type="submit" name="Register" class="btn btn-primary btn-login" style="width:160px;">Change Password
<button type="submit" name="cancel" class="btn btn-primary btn-login" style="width:160px;">Cancel
</form>

---

Citazione:

---

Originalmente inviato da floopop

Non posto proprio tutto perchè sono 410 righe comunque:

Codice PHP:

---

<?php include('config.php'); ?>
<?php if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

<?php
$dnn = mysql_fetch_array(mysql_query('select username from users where username="'.$_SESSION['username'].'"'));
$username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
?>

<?php

$user = $_SESSION['username'];

if ($user) {


//user is logged in

if (!isset($_POST['submit']) || ($POST['submit'] != 'Register')) {


// check fields

$oldpassword = sha1($_POST['current_password']);
$newpassword = sha1($_POST['password']);
$repeatnewpassword = sha1 ($_POST['verify_password"']);

$queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
$row = mysql_fetch_assoc($queryget);

$oldpassworddb = $row['password'];

echo $olrdpassworddb."
";
echo $oldpassword."
";

//check passwords
if ($oldpassword==$oldpassworddb)
{

// check two new passwords
if ($newpasword==$repeatnewpassword)

{

//success
//change password in db

$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die ("Your password has been changed. <a href='http://forum.it.altervista.org/forum.php'>Rerturn to main page.");
session_destroy();



} else {

print ("New passwords don't match!");

}



} else {

print ("Old password doesnt match!");

}

} else {

echo "";

}

}
?>

<form action="<?= $_SERVER['PHP_SELF']; ?>" method="post" name="profilechgpassword">
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> Your current Password*
</div>
<input type="password" class="form-control" name="current_password" value="" id="password" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> New Password*
</div>
<input type="password" class="form-control" name="password" value="" id="password1" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> Verify New Password*
</div>
<input type="password" class="form-control" name="verify_password" value="" id="password2" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<button type="submit" name="Register" class="btn btn-primary btn-login" style="width:160px;">Change Password
<button type="submit" name="cancel" class="btn btn-primary btn-login" style="width:160px;">Cancel
</form>

---

---

Prova così e fammi sapere:
<?php include('config.php'); ?>
<?php if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

<?php
$dnn = mysql_fetch_array(mysql_query('select username from users where username="'.$_SESSION['username'].'"'));
$username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
?>

<?php

$user = $_SESSION['username'];

if ($user) {


//user is logged in

if (!isset($_POST['submit']) || ($POST['submit'] != 'Register')) {


// check fields


$newpassword = sha1($_POST['password']);
$repeatnewpassword = sha1 ($_POST['repeatnewpassword']);

$queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
$row = mysql_fetch_assoc($queryget);




//check passwords
if ($newpassword==$repeatnewpassword)
{



//success
//change password in db

$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die ("Your password has been changed. <a href='index.php'>Rerturn to main page.");
session_destroy();



} else {

print ("New passwords don't match!");

}



} else {

print ("Old password doesnt match!");

}

} else {

echo "";

}

}
?>

<form action="<?= $_SERVER['PHP_SELF']; ?>" method="post" name="profilechgpassword">
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> Your current Password&nbsp;
</div>
<input type="password" class="form-control" name="current_password" value="" id="password" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> New Password&nbsp;
</div>
<input type="password" class="form-control" name="password" value="" id="password1" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> Verify New Password&nbsp;
</div>
<input type="password" class="form-control" name="verify_password" value="" id="password2" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<button type="submit" name="Register" class="btn btn-primary btn-login" style="width:160px;">Change Password
<button type="submit" name="cancel" class="btn btn-primary btn-login" style="width:160px;">Cancel
</form>

Non è cambiato nulla, e non riesco a capire dove sia l'errore.

Citazione:

---

Originalmente inviato da floopop

Non è cambiato nulla, e non riesco a capire dove sia l'errore.

---

Prova così, se non va fammi un screen dell'errore:

Codice PHP:

---

<?php include('config.php'); ?>
<?php if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

<?php
$dnn = mysql_fetch_array(mysql_query('select username from users where username="'.$_SESSION['username'].'"'));
$username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
?>

<?php

$user = $_SESSION['username'];

if ($user) {


//user is logged in

if (!isset($_POST['submit']) || ($POST['submit'] != 'Register')) {


// check fields


$newpassword = md5($_POST['newpassword']);


$repeatnewpassword = md5($_POST['repeatnewpassword']);




$queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
$row = mysql_fetch_assoc($queryget);
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db


$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'");

session_destroy();
die("Your password has been changed. <a href='login.php'> Login Again</a>");
}
else {
die("New password doesn't match!");

}
else
{
?>

<form action="<?= $_SERVER['PHP_SELF']; ?>" method="post" name="profilechgpassword">
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> Your current Password&nbsp;
</div>
<input type="password" class="form-control" name="current_password" value="" id="password" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> New Password&nbsp;
</div>
<input type="password" class="form-control" name="password" value="" id="password1" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<div class="form-group gi-login-password">
<div class="input-group" style="width:325px;">
<div class="input-group-addon" style="width:170px;"> Verify New Password&nbsp;
</div>
<input type="password" class="form-control" name="verify_password" value="" id="password2" placeholder="Password" autocomplete="off" />
<span class='usererror' style='color:red;'>
</span>
</div>
</div>
<button type="submit" name="Register" class="btn btn-primary btn-login" style="width:160px;">Change Password
<button type="submit" name="cancel" class="btn btn-primary btn-login" style="width:160px;">Cancel
</form>

---

Ho cambiato script ed ora riesco a cambiare la password ma vorrei fare in modo che prima di inserirla nel database venga criptata ma non riesco a capire dove inserire questa stringa : $password = sha1($password);.

Codice PHP:

---

<?php
//We check if the user is logged
if(isset($_SESSION['username']))
{
//We check if the form has been sent
if(isset($_POST['username'], $_POST['password'], $_POST['passverif'], $_POST['email'], $_POST['security_pin']))
{
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$_POST['username'] = stripslashes($_POST['username']);
$_POST['password'] = stripslashes($_POST['password']);
$_POST['passverif'] = stripslashes($_POST['passverif']);
$_POST['email'] = stripslashes($_POST['email']);
$_POST['security_pin'] = stripslashes($_POST['security_pin']);
}
//We check if the two passwords are identical
if($_POST['password']==$_POST['passverif'])
{
//We check if the password has 6 or more characters
if(strlen($_POST['password'])>=6)
{
//We check if the email form is valid
if(preg_match('#^(([a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+\.?)*[a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+)@(([a-z0-9-_]+\.?)*[a-z0-9-_]+)\.[a-z]{2,}$#i',$_POST['email']))
{
//We protect the variables
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$email = mysql_real_escape_string($_POST['email']);
$security_pin = mysql_real_escape_string($_POST['security_pin']);
//We check if there is no other user using the same username
$dn = mysql_fetch_array(mysql_query('select count(*) as nb from users where username="'.$username.'"'));
//We check if the username changed and if it is available
if($dn['nb']==0 or $_POST['username']==$_SESSION['username'])
{
//We edit the user informations
if(mysql_query('update users set username="'.$username.'", password="'.$password.'", email="'.$email.'", security_pin="'.$security_pin.'" where id="'.mysql_real_escape_string($_SESSION['userid']).'"'))
{
//We dont display the form
$form = false;
//We delete the old sessions so the user need to log again
unset($_SESSION['username'], $_SESSION['userid']);
?>
<div class="message">Your informations have successfuly been updated. You need to log again.<br />
<a href="connexion.php">Log in</a></div>
<?php
}
else
{
//Otherwise, we say that an error occured
$form = true;
$message = 'An error occurred while updating your informations.';
}
}
else
{
//Otherwise, we say the username is not available
$form = true;
$message = 'The username you want to use is not available, please choose another one.';
}
}
else
{
//Otherwise, we say the email is not valid
$form = true;
$message = 'The email you entered is not valid.';
}
}
else
{
//Otherwise, we say the password is too short
$form = true;
$message = 'Your password must contain at least 6 characters.';
}
}
else
{
//Otherwise, we say the passwords are not identical
$form = true;
$message = 'The passwords you entered are not identical.';
}
}
else
{
$form = true;
}
if($form)
{
//We display a message if necessary
if(isset($message))
{
echo '<strong>'.$message.'</strong>';
}
//If the form has already been sent, we display the same values
if(isset($_POST['username'],$_POST['password'],$_POST['email']))
{
$pseudo = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
if($_POST['password']==$_POST['passverif'])
{
$password = htmlentities($_POST['password'], ENT_QUOTES, 'UTF-8');
}
else
{
$password = '';
}
$email = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');
$security_pin = htmlentities($_POST['security_pin'], ENT_QUOTES, 'UTF-8');
}
else
{
//otherwise, we display the values of the database
$dnn = mysql_fetch_array(mysql_query('select username,password,email,security_pin from users where username="'.$_SESSION['username'].'"'));
$username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
$password = htmlentities($dnn['password'], ENT_QUOTES, 'UTF-8');
$email = htmlentities($dnn['email'], ENT_QUOTES, 'UTF-8');
$security_pin = htmlentities($dnn['security_pin'], ENT_QUOTES, 'UTF-8');
}
//We display the form
?>
<div class="content">
<form action="profile_info.php" method="post">
You can edit your informations:<br />
<div class="center">
<label for="username">Username</label><input type="text" name="username" id="username" value="<?php echo $username; ?>" /><br />
<label for="password">Password<span class="small">(6 characters min.)</span></label><input type="text" name="password" id="password" value="<?php echo $password; ?>" /><br />
<label for="passverif">Password<span class="small">(verification)</span></label><input type="text" name="passverif" id="passverif" value="<?php echo $password; ?>" /><br />
<label for="email">Email</label><input type="text" name="email" id="email" value="<?php echo $email; ?>" /><br />
<label for="security_pin">security_pin<span class="small">(optional)</span></label><input type="text" name="security_pin" id="security_pin" value="<?php echo $security_pin; ?>" /><br />
<input type="submit" value="Send" />
</div>
</form>
<?php
}
}
else
{
?>
<div class="message">To access this page, you must be logged.<br />
<?php
}
?>

---

Citazione:

---

Originalmente inviato da floopop

ma non riesco a capire dove inserire questa stringa : $password = sha1($password);

---

Sicuramente dopo della creazione della variabile $password creata qui:

Codice PHP:

---

$password = mysql_real_escape_string($_POST['password']);


---

e prima della UPDATE:

Codice PHP:

---

if(mysql_query('update users set username="'.$username.'", password="'.$password.'", email="'.$email.'", security_pin="'.$security_pin.'" where id="'.mysql_real_escape_string($_SESSION['userid']).'"'))


---

p.s: puoi calcolare l'hash anche durante la creazione della stringa della UPDATE.

Ciao!

Grazie mille :wink: