Trying to make this script call to php. when I make the passwords not equal to eachother the error spits out that passwords dont match and if I leave it blank I also get the correct error message. however if I try to use it normally I get unknown error. Is there an order of operations in this code that doesn't match. I can't see anything is incorrect.
<script>
function changepass() {
var u = _("username").value;
var cp = _("currentPass").value;
var np = _("newPass").value;
var cnp = _("confirmNewPass").value;
if(np != cnp) {
_("status").innerHTML = "The passwords given do not match!";
} else if (cp === "" || np === "" || cnp === "") {
_("status").innerHTML = "Please fill out all of the fields.";
} else {
_("changepassbtn").style.display = "none";
_("status").innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "reset_pass.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
var response = ajax.responseText;
if(response.trim() == "success"){
_("status").innerHTML = 'Your password change was successful!';
} else if (response == "no_exist"){
_("status").innerHTML = "Your current password was entered incorrectly.";
_("changepassbtn").style.display = "initial";
} else if(response == "pass_failed"){
_("status").innerHTML = "Change password function failed to execute!";
_("changepassbtn").style.display = "initial";
} else {
_("status").innerHTML = "An unknown error occurred";
_("changepassbtn").style.display = "initial";
}
}
}
ajax.send("u="+u+"&cp="+cp+"&np="+np+"&cnp"+cnp);
}
}
</script>
here is the php.
<?php
// AJAX CALLS THIS CODE TO EXECUTE
if(isset($_POST['cp'])) {
include_once("php_includes/db_conx.php");
$username = '';
$oldpasshash = '';
$newpasshash = '';
$u = mysqli_real_escape_string($db_conx, $_POST['u']);
$oldpass = $_POST["cp"];
$newpass = $_POST["cnp"];
$oldpasshash = md5($oldpass);
$newpasshash = md5($newpass);
$sql = "SELECT username, password FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$db_username = $row["0"];
$db_password = $row["1"];
if($db_password != $oldpasshash){
echo "no_exist";
exit();
} else {
$sql = "UPDATE users SET password='$newpashhash' WHERE username='$db_username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$sql = "SELECT password FROM users WHERE username='$db_username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$db_newpass = $row[0];
if($db_newpass == $newpasshash) {
echo "success";
exit();
} else {
echo "pass_failed";
exit();
}
}
}
?>
I also want to kill all the user cookies but and I have the code from my logout page but I am unsure where to put it in this page. Any advice is good. NOTE: I am a newbie and just following tutorials for now I hope to modify this later when I understand it better.