I have a page in my members section of my website that allows users to change their password. It all functions correctly if all details are entered correctly.
The form asks for username, current password, new password, confirm new password.
If a user enters the incorrect username, the form does not change their password (as expected) but directs them to the confirmation page instead of an error page.
Also, if a user enters the wrong password, the form changes their password anyway and directs them to the confirmation page, instead of NOT changing the password and directing them to the error page.
My code is pasted below, if anyone can help, I would be grealt appreciative! Thanks!
Mel
php for change password form:
<?php
session_start();
$host="localhost"; // Host name
$username="username"; // Mysql username
$password="password"; // Mysql password
$db_name="database"; // Database name
$tbl_name="table"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$repeatnewpassword = $_POST['repeatnewpassword'];
$result = mysql_query("SELECT password FROM $tbl_name WHERE username='$username'");
if(!$result)
{
header("location:error1.php");
}
if ($row = mysql_fetch_assoc($result))
{
header("location:error.php");
}
if($newpassword==$repeatnewpassword)
$sql=mysql_query("UPDATE $tbl_name SET password='$newpassword' where username='$username'");
if($sql)
{
header("location:success.php");
}
else
{
header("location:error3.php");
}
?>
