7 Replies - 318 Views - Last Post: 13 July 2013 - 12:57 PM Rate Topic: -----

#1 Jib Giannis  Icon User is offline

  • New D.I.C Head

Reputation: -3
  • View blog
  • Posts: 18
  • Joined: 07-July 13

Change password empty field

Posted 13 July 2013 - 04:38 AM

Hello, I have successfully created my user password change script and I want the new password not be empty. Now I enter my currrent password and I set the new password to empty, and the password will be changed to empty. I want the new password not to be empty. How can I do that? I tried but nothing...

<?php
session_start();
$username = @$_SESSION['username'];
$form = "<form action='changepass.php' method='POST'>
		Current password: <input type='text' name='c_password'><br />
		New password: <input type='password' name='n_password'><br />
		Re-enter new password: <input type='password' name='rn_password'><br />
		<input type='submit' name='submit' value='Change password'><br />
		</form>";
if($_SESSION['username']){
	if(isset($_POST['submit'])){
		$connect = mysql_connect("localhost", "*********", "*********");
		mysql_select_db("*********");
		
		$query = mysql_query("SELECT password FROM users2 WHERE username='".$username."'");
		$row = mysql_fetch_assoc($query);
		$c_password = sha1(@$_POST['c_password']);
		$n_password = sha1(@$_POST['n_password']);
		$rn_password = sha1(@$_POST['rn_password']);
		$c_password_db = $row['password'];
			if($c_password&&$n_password&&$rn_password){
				if($c_password==$c_password_db){
					if($n_password==$rn_password){
						if(strlen($n_password) > 6 || strlen($rn_password) > 6 && $n_password==!"" || $rn_password!==""){
							$querychange = mysql_query("UPDATE users2 SET password='".$n_password."' WHERE username='".$username."'");
							session_destroy();
							die("Your password has been changed. <a href='member.php'>Return</a>");
						}else{
							die("The lengh of the new password must be longer than 6!");
						}
						
					}else{
						die("Your new password do not match!").mysql_error();
					}
				}else{
					echo "Your current password do not match!";
				}
		}else{
			die("Please fill in all the fields!");
		}
		}else{
			
			echo $form;
		}
		
	}else{
		
		die("You must be logged in to change your password!");
	}


?>



Every reply is appreciated! :)/>

Is This A Good Question/Topic? 0
  • +

Replies To: Change password empty field

#2 CTphpnwb  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 2891
  • View blog
  • Posts: 10,025
  • Joined: 08-August 08

Re: Change password empty field

Posted 13 July 2013 - 04:43 AM

Why are you using insecure and deprecated mysql functions? Do you want your site hacked?
Was This Post Helpful? 0
  • +
  • -

#3 andrewsw  Icon User is online

  • Fire giant boob nipple gun!
  • member icon

Reputation: 3222
  • View blog
  • Posts: 10,810
  • Joined: 12-December 12

Re: Change password empty field

Posted 13 July 2013 - 04:52 AM

In HTML(5) you could add the attribute REQUIRED.

In PHP you could use code like:

if (isset($_POST['n_password']) && !empty($_POST['n_password'])) {


empty() the docs

BTW The reason that this:

if($c_password&&$n_password&&$rn_password){

doesn't exclude empty values is that you have already used SHA1() which, even on an empty string, produces a value.

BTWW Suppressing errors with @ is considered a poor practice.

This post has been edited by andrewsw: 13 July 2013 - 04:59 AM

Was This Post Helpful? 2
  • +
  • -

#4 Jib Giannis  Icon User is offline

  • New D.I.C Head

Reputation: -3
  • View blog
  • Posts: 18
  • Joined: 07-July 13

Re: Change password empty field

Posted 13 July 2013 - 05:59 AM

So how will be the code?
Thanks :)

This post has been edited by andrewsw: 13 July 2013 - 06:07 AM
Reason for edit:: Removed unnecessary quote

Was This Post Helpful? -2
  • +
  • -

#5 andrewsw  Icon User is online

  • Fire giant boob nipple gun!
  • member icon

Reputation: 3222
  • View blog
  • Posts: 10,810
  • Joined: 12-December 12

Re: Change password empty field

Posted 13 July 2013 - 06:06 AM

The code will be how you write it. I do not intend to write it for you.

Make some coding effort then come back if you struggle.
Was This Post Helpful? 1
  • +
  • -

#6 no2pencil  Icon User is offline

  • Toubabo Koomi
  • member icon

Reputation: 5182
  • View blog
  • Posts: 26,886
  • Joined: 10-May 07

Re: Change password empty field

Posted 13 July 2013 - 08:59 AM

View Postandrewsw, on 13 July 2013 - 09:06 AM, said:

I do not intend to write it for you.

This is why he's using deprecated mysql functions. Found it on the net. Next?

This post has been edited by andrewsw: 13 July 2013 - 09:15 AM

Was This Post Helpful? 0
  • +
  • -

#7 Jib Giannis  Icon User is offline

  • New D.I.C Head

Reputation: -3
  • View blog
  • Posts: 18
  • Joined: 07-July 13

Re: Change password empty field

Posted 13 July 2013 - 12:24 PM

View Postandrewsw, on 13 July 2013 - 04:52 AM, said:

In HTML(5) you could add the attribute REQUIRED.

In PHP you could use code like:

if (isset($_POST['n_password']) && !empty($_POST['n_password'])) {


empty() the docs

BTW The reason that this:

if($c_password&&$n_password&&$rn_password){

doesn't exclude empty values is that you have already used SHA1() which, even on an empty string, produces a value.

BTWW Suppressing errors with @ is considered a poor practice.


Thankks, it worked! I worked on it some and I fixed some problems. Now I have a another problem that the strlen is not working. For example I said if the strlen of the password is longer that 6 then change the password. But if the user add 1 character for his password the query will work and his password will be changed! Any ideas? :)
Was This Post Helpful? 0
  • +
  • -

#8 andrewsw  Icon User is online

  • Fire giant boob nipple gun!
  • member icon

Reputation: 3222
  • View blog
  • Posts: 10,810
  • Joined: 12-December 12

Re: Change password empty field

Posted 13 July 2013 - 12:57 PM

if(strlen($n_password) > 6 || strlen($rn_password) > 6 && $n_password==!"" || $rn_password!==""){

You need to examine your logic in this statement (or whatever you have changed it to), being aware of the order of precedence. In particular, && has higher precedence that ||. Use brackets to over-rule the precedence order.

You won't need to check the length of the old password, as it has already been checked against the value in the database, which would only have been accepted if it were more than 6 characters (once you've got the logic sorted).

If you've changed your code so that it won't accept empty passwords, then this statement should reduce to:

if (strlen($n_password) > 6) {

This post has been edited by andrewsw: 13 July 2013 - 12:59 PM

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1