Visualizzazione risultati 1 fino 15 di 15

Discussione: Script php per cambiare password in database mysql

  1. #1
    Guest

    Predefinito Script php per cambiare password in database mysql

    Buona sera a tutti e da ieri che cerco di scrivere uno script php che permetta a un utente loggato di cambiare la password, prima inserendo la vecchia password e poi quella nuona ma lo script non funziona.

    Codice PHP:
    <?php include('config.php'); ?>
    <?php
    if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

    <html>
    qui c'è il tutto il codice html fino al form

    <?php

    session_start
    (); //Ecco il primo errore: Notice: A session had already been started - ignoring session_start()

    $user = $SESSION['username']; //Ecco il secondo errore: Notice: Undefined variable: SESSION

    if ($user) {


    //user is logged in

    if ($_POST['submit']) {


    // check fields

    $oldpassword = sha1($_POST['current_password']);
    $newpassword = sha1($_POST['password']);
    $repeatnewpassword = md5 ($_POST['verify_password"']);


    $queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
    $row = mysql_fetch_assoc($queryget);

    $oldpassworddb = $row['password'];

    echo
    $olrdpassworddb."
    "
    ;
    echo
    $oldpassword."
    "
    ;

    //check passwords
    if ($oldpassword==$oldpassworddb)
    {

    // check two new passwords
    if ($newpasword==$repeatnewpassword)

    {

    //success
    //change password in db

    $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die ("Your password has been changed. <a href='index.php'>Rerturn to main page.");
    session_destroy();



    } else {

    print (
    "New passwords don't match!");

    }



    } else {

    print (
    "Old password doesnt match!");

    }

    } else {

    echo
    "";

    }

    }
    ?>
    Ultima modifica di saitfainder : 01-12-2014 alle ore 19.02.22 Motivo: Usa i tag per il codice

  2. #2
    L'avatar di saitfainder
    saitfainder non è connesso Sëniör Stäff
    Data registrazione
    06-12-2002
    Residenza
    Torino
    Messaggi
    8,715

    Predefinito

    È un po' troppo generico dire che "non funziona"...


    «È una mia peculiarità distorcere la verità e inventarne di nuove.»
    «I tuoi orientamenti hanno su di me un effetto prossimo allo zero.»


  3. #3
    Guest

    Predefinito

    Ho sbagliato a scrivere mi da 2 errori sono scritto nei commenti dello script

  4. #4
    Guest

    Predefinito

    A occhio direi che, per il primo errore, session_start() viene chiamata da qualche altra parte (config.php forse)
    Il secondo errore: hai scritto $SESSION ma andrebbe $_SESSION

  5. #5
    Guest

    Predefinito

    Grazie mille, incredibile quanto fossero banali gli errori ma ora ne ho un altro che dice Notice: Undefined index: submit il rigo dello script e questo "if ($_POST['submit']) "

  6. #6
    Guest

    Predefinito

    Citazione Originalmente inviato da floopop Visualizza messaggio
    Grazie mille, incredibile quanto fossero banali gli errori ma ora ne ho un altro che dice Notice: Undefined index: submit il rigo dello script e questo "if ($_POST['submit']) "
    Prova così :
    Sostituisci questa:
    if ($_POST['submit'])

    Con questa:
    if (!isset($_POST['submit']) || ($POST['submit'] != 'Register'))

    Fammi sapere:)

  7. #7
    Guest

    Predefinito

    Ora me ne da altri 3 di errori:

    $oldpassword = sha1($_POST['current_password']); //Notice: Undefined index: current_password

    $newpassword = sha1($_POST['password']); //Notice: Undefined index: password

    $repeatnewpassword = sha1 ($_POST['verify_password"']); //Notice: Undefined index: verify_password" Query didnt work

  8. #8
    Guest

    Predefinito

    Citazione Originalmente inviato da floopop Visualizza messaggio
    Ora me ne da altri 3 di errori:

    $oldpassword = sha1($_POST['current_password']); //Notice: Undefined index: current_password

    $newpassword = sha1($_POST['password']); //Notice: Undefined index: password

    $repeatnewpassword = sha1 ($_POST['verify_password"']); //Notice: Undefined index: verify_password" Query didnt work

    Puoi postarmi tutta la pagina?

  9. #9
    Guest

    Predefinito

    Non posto proprio tutto perchè sono 410 righe comunque:
    Codice PHP:
    <?php include('config.php'); ?>
    <?php
    if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

    <?php
    $dnn
    = mysql_fetch_array(mysql_query('select username from users where username="'.$_SESSION['username'].'"'));
    $username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
    ?>

    <?php

    $user
    = $_SESSION['username'];

    if (
    $user) {


    //user is logged in

    if (!isset($_POST['submit']) || ($POST['submit'] != 'Register')) {


    // check fields

    $oldpassword = sha1($_POST['current_password']);
    $newpassword = sha1($_POST['password']);
    $repeatnewpassword = sha1 ($_POST['verify_password"']);

    $queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
    $row = mysql_fetch_assoc($queryget);

    $oldpassworddb = $row['password'];

    echo
    $olrdpassworddb."
    "
    ;
    echo
    $oldpassword."
    "
    ;

    //check passwords
    if ($oldpassword==$oldpassworddb)
    {

    // check two new passwords
    if ($newpasword==$repeatnewpassword)

    {

    //success
    //change password in db

    $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die ("Your password has been changed. <a href='index.php'>Rerturn to main page.");
    session_destroy();



    } else {

    print (
    "New passwords don't match!");

    }



    } else {

    print (
    "Old password doesnt match!");

    }

    } else {

    echo
    "";

    }

    }
    ?>

    <form action="<?= $_SERVER['PHP_SELF']; ?>" method="post" name="profilechgpassword">
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> Your current Password&nbsp;
    </div>
    <input type="password" class="form-control" name="current_password" value="" id="password" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> New Password&nbsp;
    </div>
    <input type="password" class="form-control" name="password" value="" id="password1" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> Verify New Password&nbsp;
    </div>
    <input type="password" class="form-control" name="verify_password" value="" id="password2" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <button type="submit" name="Register" class="btn btn-primary btn-login" style="width:160px;">Change Password
    <button type="submit" name="cancel" class="btn btn-primary btn-login" style="width:160px;">Cancel
    </form>
    Ultima modifica di alemoppo : 01-12-2014 alle ore 22.00.17 Motivo: +tag [php]

  10. #10
    Guest

    Predefinito

    Citazione Originalmente inviato da floopop Visualizza messaggio
    Non posto proprio tutto perchè sono 410 righe comunque:
    Codice PHP:
    <?php include('config.php'); ?>
    <?php
    if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

    <?php
    $dnn
    = mysql_fetch_array(mysql_query('select username from users where username="'.$_SESSION['username'].'"'));
    $username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
    ?>

    <?php

    $user
    = $_SESSION['username'];

    if (
    $user) {


    //user is logged in

    if (!isset($_POST['submit']) || ($POST['submit'] != 'Register')) {


    // check fields

    $oldpassword = sha1($_POST['current_password']);
    $newpassword = sha1($_POST['password']);
    $repeatnewpassword = sha1 ($_POST['verify_password"']);

    $queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
    $row = mysql_fetch_assoc($queryget);

    $oldpassworddb = $row['password'];

    echo
    $olrdpassworddb."
    "
    ;
    echo
    $oldpassword."
    "
    ;

    //check passwords
    if ($oldpassword==$oldpassworddb)
    {

    // check two new passwords
    if ($newpasword==$repeatnewpassword)

    {

    //success
    //change password in db

    $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die ("Your password has been changed. <a href='http://forum.it.altervista.org/forum.php'>Rerturn to main page.");
    session_destroy();



    } else {

    print (
    "New passwords don't match!");

    }



    } else {

    print (
    "Old password doesnt match!");

    }

    } else {

    echo
    "";

    }

    }
    ?>

    <form action="<?= $_SERVER['PHP_SELF']; ?>" method="post" name="profilechgpassword">
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> Your current Password*
    </div>
    <input type="password" class="form-control" name="current_password" value="" id="password" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> New Password*
    </div>
    <input type="password" class="form-control" name="password" value="" id="password1" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> Verify New Password*
    </div>
    <input type="password" class="form-control" name="verify_password" value="" id="password2" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <button type="submit" name="Register" class="btn btn-primary btn-login" style="width:160px;">Change Password
    <button type="submit" name="cancel" class="btn btn-primary btn-login" style="width:160px;">Cancel
    </form>
    Prova così e fammi sapere:
    <?php include('config.php'); ?>
    <?php if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

    <?php
    $dnn = mysql_fetch_array(mysql_query('select username from users where username="'.$_SESSION['username'].'"'));
    $username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
    ?>

    <?php

    $user = $_SESSION['username'];

    if ($user) {


    //user is logged in

    if (!isset($_POST['submit']) || ($POST['submit'] != 'Register')) {


    // check fields


    $newpassword = sha1($_POST['password']);
    $repeatnewpassword = sha1 ($_POST['repeatnewpassword']);

    $queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
    $row = mysql_fetch_assoc($queryget);




    //check passwords
    if ($newpassword==$repeatnewpassword)
    {



    //success
    //change password in db

    $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die ("Your password has been changed. <a href='index.php'>Rerturn to main page.");
    session_destroy();



    } else {

    print ("New passwords don't match!");

    }



    } else {

    print ("Old password doesnt match!");

    }

    } else {

    echo "";

    }

    }
    ?>

    <form action="<?= $_SERVER['PHP_SELF']; ?>" method="post" name="profilechgpassword">
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> Your current Password&nbsp;
    </div>
    <input type="password" class="form-control" name="current_password" value="" id="password" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> New Password&nbsp;
    </div>
    <input type="password" class="form-control" name="password" value="" id="password1" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> Verify New Password&nbsp;
    </div>
    <input type="password" class="form-control" name="verify_password" value="" id="password2" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <button type="submit" name="Register" class="btn btn-primary btn-login" style="width:160px;">Change Password
    <button type="submit" name="cancel" class="btn btn-primary btn-login" style="width:160px;">Cancel
    </form>
    Ultima modifica di raffasolimene : 01-12-2014 alle ore 22.04.14

  11. #11
    Guest

    Predefinito

    Non è cambiato nulla, e non riesco a capire dove sia l'errore.

  12. #12
    Guest

    Predefinito

    Citazione Originalmente inviato da floopop Visualizza messaggio
    Non è cambiato nulla, e non riesco a capire dove sia l'errore.
    Prova così, se non va fammi un screen dell'errore:
    Codice PHP:
    <?php include('config.php'); ?>
    <?php
    if(isset($_SESSION['username'])) { $userid = $_SESSION['userid']; } else { header('Location: login.php'); } ?>

    <?php
    $dnn
    = mysql_fetch_array(mysql_query('select username from users where username="'.$_SESSION['username'].'"'));
    $username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
    ?>

    <?php

    $user
    = $_SESSION['username'];

    if (
    $user) {


    //user is logged in

    if (!isset($_POST['submit']) || ($POST['submit'] != 'Register')) {


    // check fields


    $newpassword = md5($_POST['newpassword']);


    $repeatnewpassword = md5($_POST['repeatnewpassword']);




    $queryget = mysql_query("SELECT password FROM WHERE username='$user'") or die ("Query didnt work");
    $row = mysql_fetch_assoc($queryget);
    //check two new passwords
    if ($newpassword==$repeatnewpassword)
    {
    //successs
    //change password in db


    $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'");

    session_destroy();
    die(
    "Your password has been changed. <a href='login.php'> Login Again</a>");
    }
    else {
    die(
    "New password doesn't match!");

    }
    else
    {
    ?>

    <form action="<?= $_SERVER['PHP_SELF']; ?>" method="post" name="profilechgpassword">
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> Your current Password&nbsp;
    </div>
    <input type="password" class="form-control" name="current_password" value="" id="password" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> New Password&nbsp;
    </div>
    <input type="password" class="form-control" name="password" value="" id="password1" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <div class="form-group gi-login-password">
    <div class="input-group" style="width:325px;">
    <div class="input-group-addon" style="width:170px;"> Verify New Password&nbsp;
    </div>
    <input type="password" class="form-control" name="verify_password" value="" id="password2" placeholder="Password" autocomplete="off" />
    <span class='usererror' style='color:red;'>
    </span>
    </div>
    </div>
    <button type="submit" name="Register" class="btn btn-primary btn-login" style="width:160px;">Change Password
    <button type="submit" name="cancel" class="btn btn-primary btn-login" style="width:160px;">Cancel
    </form>
    Ultima modifica di alemoppo : 02-12-2014 alle ore 00.12.40 Motivo: +tag [php]

  13. #13
    Guest

    Predefinito

    Ho cambiato script ed ora riesco a cambiare la password ma vorrei fare in modo che prima di inserirla nel database venga criptata ma non riesco a capire dove inserire questa stringa : $password = sha1($password);.
    Codice PHP:
    <?php
    //We check if the user is logged
    if(isset($_SESSION['username']))
    {
    //We check if the form has been sent
    if(isset($_POST['username'], $_POST['password'], $_POST['passverif'], $_POST['email'], $_POST['security_pin']))
    {
    //We remove slashes depending on the configuration
    if(get_magic_quotes_gpc())
    {
    $_POST['username'] = stripslashes($_POST['username']);
    $_POST['password'] = stripslashes($_POST['password']);
    $_POST['passverif'] = stripslashes($_POST['passverif']);
    $_POST['email'] = stripslashes($_POST['email']);
    $_POST['security_pin'] = stripslashes($_POST['security_pin']);
    }
    //We check if the two passwords are identical
    if($_POST['password']==$_POST['passverif'])
    {
    //We check if the password has 6 or more characters
    if(strlen($_POST['password'])>=6)
    {
    //We check if the email form is valid
    if(preg_match('#^(([a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+\.?)*[a-z0-9!\#$%&\\\'*+/=?^_`{|}~-]+)@(([a-z0-9-_]+\.?)*[a-z0-9-_]+)\.[a-z]{2,}$#i',$_POST['email']))
    {
    //We protect the variables
    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string($_POST['password']);
    $email = mysql_real_escape_string($_POST['email']);
    $security_pin = mysql_real_escape_string($_POST['security_pin']);
    //We check if there is no other user using the same username
    $dn = mysql_fetch_array(mysql_query('select count(*) as nb from users where username="'.$username.'"'));
    //We check if the username changed and if it is available
    if($dn['nb']==0 or $_POST['username']==$_SESSION['username'])
    {
    //We edit the user informations
    if(mysql_query('update users set username="'.$username.'", password="'.$password.'", email="'.$email.'", security_pin="'.$security_pin.'" where id="'.mysql_real_escape_string($_SESSION['userid']).'"'))
    {
    //We dont display the form
    $form = false;
    //We delete the old sessions so the user need to log again
    unset($_SESSION['username'], $_SESSION['userid']);
    ?>
    <div class="message">Your informations have successfuly been updated. You need to log again.<br />
    <a href="connexion.php">Log in</a></div>
    <?php
    }
    else
    {
    //Otherwise, we say that an error occured
    $form = true;
    $message = 'An error occurred while updating your informations.';
    }
    }
    else
    {
    //Otherwise, we say the username is not available
    $form = true;
    $message = 'The username you want to use is not available, please choose another one.';
    }
    }
    else
    {
    //Otherwise, we say the email is not valid
    $form = true;
    $message = 'The email you entered is not valid.';
    }
    }
    else
    {
    //Otherwise, we say the password is too short
    $form = true;
    $message = 'Your password must contain at least 6 characters.';
    }
    }
    else
    {
    //Otherwise, we say the passwords are not identical
    $form = true;
    $message = 'The passwords you entered are not identical.';
    }
    }
    else
    {
    $form = true;
    }
    if(
    $form)
    {
    //We display a message if necessary
    if(isset($message))
    {
    echo
    '<strong>'.$message.'</strong>';
    }
    //If the form has already been sent, we display the same values
    if(isset($_POST['username'],$_POST['password'],$_POST['email']))
    {
    $pseudo = htmlentities($_POST['username'], ENT_QUOTES, 'UTF-8');
    if(
    $_POST['password']==$_POST['passverif'])
    {
    $password = htmlentities($_POST['password'], ENT_QUOTES, 'UTF-8');
    }
    else
    {
    $password = '';
    }
    $email = htmlentities($_POST['email'], ENT_QUOTES, 'UTF-8');
    $security_pin = htmlentities($_POST['security_pin'], ENT_QUOTES, 'UTF-8');
    }
    else
    {
    //otherwise, we display the values of the database
    $dnn = mysql_fetch_array(mysql_query('select username,password,email,security_pin from users where username="'.$_SESSION['username'].'"'));
    $username = htmlentities($dnn['username'], ENT_QUOTES, 'UTF-8');
    $password = htmlentities($dnn['password'], ENT_QUOTES, 'UTF-8');
    $email = htmlentities($dnn['email'], ENT_QUOTES, 'UTF-8');
    $security_pin = htmlentities($dnn['security_pin'], ENT_QUOTES, 'UTF-8');
    }
    //We display the form
    ?>
    <div class="content">
    <form action="profile_info.php" method="post">
    You can edit your informations:<br />
    <div class="center">
    <label for="username">Username</label><input type="text" name="username" id="username" value="<?php echo $username; ?>" /><br />
    <label for="password">Password<span class="small">(6 characters min.)</span></label><input type="text" name="password" id="password" value="<?php echo $password; ?>" /><br />
    <label for="passverif">Password<span class="small">(verification)</span></label><input type="text" name="passverif" id="passverif" value="<?php echo $password; ?>" /><br />
    <label for="email">Email</label><input type="text" name="email" id="email" value="<?php echo $email; ?>" /><br />
    <label for="security_pin">security_pin<span class="small">(optional)</span></label><input type="text" name="security_pin" id="security_pin" value="<?php echo $security_pin; ?>" /><br />
    <input type="submit" value="Send" />
    </div>
    </form>
    <?php
    }
    }
    else
    {
    ?>
    <div class="message">To access this page, you must be logged.<br />
    <?php
    }
    ?>
    Ultima modifica di alemoppo : 02-12-2014 alle ore 19.48.33 Motivo: +tag [php]

  14. #14
    L'avatar di alemoppo
    alemoppo non è connesso Staff AV
    Data registrazione
    24-08-2008
    Residenza
    PU / BO
    Messaggi
    22,761

    Predefinito

    Citazione Originalmente inviato da floopop Visualizza messaggio
    ma non riesco a capire dove inserire questa stringa : $password = sha1($password);
    Sicuramente dopo della creazione della variabile $password creata qui:
    Codice PHP:
    $password = mysql_real_escape_string($_POST['password']);
    e prima della UPDATE:
    Codice PHP:
    if(mysql_query('update users set username="'.$username.'", password="'.$password.'", email="'.$email.'", security_pin="'.$security_pin.'" where id="'.mysql_real_escape_string($_SESSION['userid']).'"'))
    p.s: puoi calcolare l'hash anche durante la creazione della stringa della UPDATE.

    Ciao!

  15. #15
    Guest

    Predefinito

    Grazie mille

Regole di scrittura

  • Non puoi creare nuove discussioni
  • Non puoi rispondere ai messaggi
  • Non puoi inserire allegati.
  • Non puoi modificare i tuoi messaggi
  •