Participating Frequently
December 15, 2011
Question

Change Password function.


Hello! I'm pretty fresh in MySQL world, but already know a bit from check magazine tutorial. I wanted to do a change password function, but I have actually no idea what server behavior I have to use to find out the user ID of the current user logged in. Can anyone please help me with that? Step-by-step tutorials are more likely than welcome, as I'm not so good at Dreamweaver stuff yet. Oh, and I'm using Dreamweaver 5.5.


Slayer_Author
Participating Frequently
December 16, 2011

Here is the current recordset code.

<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  if (PHP_VERSION < 6) {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
  }

  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  $updateSQL = sprintf("UPDATE users SET password=%s WHERE user_id=%s",
                       GetSQLValueString($_POST['password'], "text"),
                       GetSQLValueString($_POST['user_id'], "int"));

  mysql_select_db($database_check_mag, $check_mag);
  $Result1 = mysql_query($updateSQL, $check_mag) or die(mysql_error());

  $updateGoTo = "index.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}

mysql_select_db($database_check_mag, $check_mag);
$query_getPost = "SELECT user_id, username, password FROM users";
$getPost = mysql_query($query_getPost, $check_mag) or die(mysql_error());
$row_getPost = mysql_fetch_assoc($getPost);
$totalRows_getPost = mysql_num_rows($getPost);

$colname_getPost = "-1";
if (isset($_GET['post_id'])) {
  $colname_getPost = $_GET['post_id'];
}
mysql_select_db($database_check_mag, $check_mag);
$query_getPost = sprintf("SELECT post_id, title, blog_entry FROM news WHERE post_id = %s", GetSQLValueString($colname_getPost, "int"));
$getPost = mysql_query($query_getPost, $check_mag) or die(mysql_error());
$row_getPost = mysql_fetch_assoc($getPost);
$totalRows_getPost = mysql_num_rows($getPost);
?>

MurraySummers
Inspiring
December 16, 2011

This is the code that is building the SQL query -

$query_getPost = "SELECT user_id, username, password FROM users";

You would want to change it to this -

$query_getPost = "SELECT user_id, username, password FROM users WHERE username ='" . $_SESSION['MM_Username'] . "'";

That will give you the user_id in the recordset.

Slayer_Author
Participating Frequently
December 16, 2011

After that there is no need for change_pw.php[?username=    <------?]

EDIT: Added that.

also,

<input type="hidden" name="MM_update" value="form1" />

<input name="username" type="hidden" id="username" value="<?php echo $row_getPost['username']; ?>" />

Are those 2 necessary after the submit button?

MurraySummers
Inspiring
December 15, 2011

When someone is properly logged in, a session variable called "MM_Username" is created. You can either use the value of that username to search the database and find the user's record ID on this page, or you can hack into the user authentication code to add another session variable containing that record ID, or you can just put that record ID into the MM_UserGroup session variable (which is only used if you are authenticating based on username, password, and usergroup). Do you know how to do any of those things?

Slayer_Author
Participating Frequently
December 15, 2011

First of all, thanks for the answer. Basically what I would like to know is, if I make a recordset and then assign the stuff to end of url: it's like change_pw.php?username= What PHP code I must have here to have it to automatically find current MM_Username in use? Please help me with a step-by-step tutorial, if possible.

Regards,

Alo

MurraySummers
Inspiring
December 15, 2011

You don't need to use that method at all.

Get your new password for the logged in user, and then do the following -

1.  At the very top of the page, put this (you may already have it if you have used the User Authentication Restrict Access feature on the page) -

<?php if (!isset($_SESSION)) { session_start(); } ?>

2.  Then in the SQL statement definition panel, where you would insert the new password into the database, you would filter on the userID field, i.e., WHERE userID = " . $_SESSION['MM_Username']
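
An added example, not code from this thread or from Dreamweaver: one way to do the update described in the two steps above and in the earlier reply about filtering on `$_SESSION['MM_Username']`, where the row to change is chosen from the session and never from a hidden form field or URL parameter. It uses PDO placeholders and `password_hash()`; the function name, the in-memory SQLite table (standing in for the MySQL database) and the sample users are constructed assumptions.

```php
<?php
// Added example; only $_SESSION['MM_Username'] and the users
// (user_id, username, password) columns come from the thread.

/**
 * Change the password of the logged-in user only.
 * The target row is selected from the session, never from $_POST or $_GET.
 */
function changeOwnPassword(PDO $db, array $session, string $newPassword): bool
{
    if (empty($session['MM_Username'])) {
        return false;                    // not logged in: refuse
    }
    if ($newPassword === '') {
        return false;                    // never blank the stored password
    }
    // Store a salted hash; the login check must then use password_verify().
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);

    // Placeholders keep both values out of the SQL text.
    $stmt = $db->prepare('UPDATE users SET password = :pw WHERE username = :name');
    $stmt->execute([':pw' => $hash, ':name' => $session['MM_Username']]);
    return $stmt->rowCount() === 1;
}

// --- Constructed demo data: in-memory SQLite stands in for MySQL ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)');
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 'old1'), ('bob', 'old2')");

// Simulated request: logged in as alice, with a hidden field naming user 2.
$session = ['MM_Username' => 'alice'];
$post    = ['password' => 'correct horse battery', 'user_id' => '2'];

// $post['user_id'] is never read, so it cannot redirect the update.
$ok = changeOwnPassword($db, $session, $post['password']);
echo 'update applied: ' . ($ok ? 'yes' : 'no') . "\n";

foreach ($db->query('SELECT user_id, username, password FROM users') as $row) {
    $state = password_verify($post['password'], $row['password']) ? 'changed' : 'untouched';
    echo "{$row['user_id']} {$row['username']}: $state\n";
}
```

On the real page, call `session_start()` first and pass `$_SESSION` and `$_POST['password']` to the function.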