I have a page title changepassword.php ... In this page, users are able to change their password for an account. The query goes through and gives the message that it sent, however, the database does not change. The password stays the same as it used to be. I am using a sha1 hash that I am not used to (first time using it). Anyone know what is happening with it? Thanks!
<?php
session_start ();
$user_name = $_SESSION['user_name'];
if($user_name)
{
//user is logged in
if(isset($_POST['submit']))
{
//check fields
$oldpassword = $_POST['oldpassword'];
$newpassword = $_POST['newpassword'];
$repeatnewpassword = $_POST['repeatnewpassword'];
//check password against db
$connect=mysql_connect("localhost","root","passssssssword") or die();
mysql_select_db("database") or die();
$queryget= mysql_query ("SELECT user_pass FROM users WHERE user_name='$user_name'") or die("Query didn't work.");
$row = mysql_fetch_assoc ($queryget);
$oldpassworddb = $row['user_pass'];
//check passwords
if (sha1($oldpassword)==$oldpassworddb)
{
if ($newpassword==$repeatnewpassword)
{
if (strlen ($newpassword)>25 || strlen ($newpassword)<6)
{
echo "Password must be between 6 and 25 characters";
}
else
{
//change password in db
$newpassword = sha1($newpassword);
$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE user_name='$user_name'");
session_destroy();
die ("Your password has been changed. <a href='index.php'>Return</a> to the main page and login with your new password.");
}
}
else
die ("New passwords do not match!");
}
else
die ("Old password is inncorrect!");
}
else
{
echo
"<form action = 'changepassword.php' method = 'POST'>
<table>
<tr>
<td>
Old password:
</td>
<td>
<input type='text' name='oldpassword'><p>
</td>
</tr>
<tr>
<td>
New password:
</td>
<td>
<input type='password' name='newpassword'>
</td>
</tr>
<tr>
<td>
Repeat new password:
</td>
<td>
<input type='password' name='repeatnewpassword'>
</td>
</tr>
<table>
<input type='submit' name='submit' value='Change password'>
</form>
";
}
}
else
die("You must be logged in to change your password!");
?>