For some reason my code is updating the players password without even seeing if there oldpassword was correct first i check it here "else if($pass!= mysql_result($result, 0))" but it doesn't work ??
php
<?php
session_start();
if(!isset($_SESSION["sess_user"])){
header("location: index");
} else {
$my_player = $_SESSION['sess_user'];
}
if(isset($_POST["sumbit"])){
$link= mysql_connect ("localhost:8889","root","root")or die("Could not connect: ".mysql_error());
mysql_select_db("register") or die(mysql_error());
$pass = $_POST['pass'];
$newpass = $_POST['newpass'];
$confirmnewpass = $_POST['confirmnewpass'];
$result = mysql_query("SELECT password FROM login WHERE username='$my_player'");
if(!$result) {
$alert = "Failure ";
}
else if($pass!= mysql_result($result, 0)) {
$alert = "incorect password";
}
if($newpass==$confirmnewpass)
$sql=mysql_query("UPDATE login SET password='$newpass' where username='$my_player'");
if($sql) {
$alert = "You just changed your password to $newpass";
}
else {
$alert = "newpassword field not entered";
}
}
?>
html
<div class="container">
<form role="form" class="form-signin" action="" method="POST">
<h1 class="text-left">Change Password</h1><p>for <?=$my_player;?></p>
<input type="password" name="pass" placeholder="Enter your password" class="form-control" autofocus required><br/>
<input type="password" name="newpass" placeholder="Enter new password" class="form-control" required><br/>
<input type="password" name="confirmnewpass" placeholder="Re-Enter new password" class="form-control" required><br/>
<input type="submit" name="sumbit" value="Update Password" class="btn btn-lg btn-primary btn-block"><br/>
<?=$alert;?>
</form>
</div>