[PHP] Help please.



RedCrisps
13-01-2008, 12:11 PM
why won't this code work, so the password changes:

<?php
if(isset($_SESSION["EON_CNTPNL_USERNAME"]))
{ $check->login(); }
else{
session_start();
include("functions.php");
$check = new checklogin;
$check->login(); }
echo("
<b>Edit your password!</b><br/>
<br/>");
if($_GET["act"] == "update")
{
$password = clean($_POST["password"]);
$password2 = md5($password);
$password2 = sha1($password2);
mysql_query("UPDATE `users` SET `password` = '$password2' WHERE `username` = '{$_SESSION["panel_username"]}'");
echo("Password Updated");
exit;
}
else
{
$rand = generateRandStr(13);
echo("Please set a new password:<br/><form action=\"?page=editpass&act=update\" method=\"POST\"><input type=\"text\" name=\"password\" value=\"$rand\" class=\"formbox\"> <b><-- Suggested</b><br/><br/><input type=\"submit\" name=\"submit\" value=\"Change Password\"><br/><br/>
The suggested password was $rand<br/>(So you can copy and paste)</form>");
}
?>

Flisker
13-01-2008, 12:48 PM
And what's the error?

RedCrisps
13-01-2008, 01:06 PM
The password won't change

MrCraig
13-01-2008, 03:59 PM
Change..



mysql_query("UPDATE `users` SET `password` = '$password2' WHERE `username` = '{$_SESSION["panel_username"]}'");


To



mysql_query("UPDATE `users` SET `password` = '$password2' WHERE `username` = '$_SESSION[EON_CNTPNL_USERNAME]'");


That should work :)

MountainDew
13-01-2008, 04:15 PM
<?php
if(isset($_SESSION["EON_CNTPNL_USERNAME"]))
{ $check->login(); }
else{
session_start();
include("functions.php");
$check = new checklogin;
$check->login(); }
echo("
<b>Edit your password!</b><br/>
<br/>");
if($_GET["act"] == "update")
{
$password = clean($_POST["password"]);
$password2 = md5($password);
$password2 = sha1($password2);
$username = $_SESSION["panel_username"];
mysql_query("UPDATE `users` SET `password` = '$password2' WHERE `username` = '$username'") or die(mysql_error());
echo("Password Updated");
exit;
}
else
{
$rand = generateRandStr(13);
echo("Please set a new password:<br/><form action=\"?page=editpass&act=update\" method=\"POST\"><input type=\"text\" name=\"password\" value=\"$rand\" class=\"formbox\"> <b><-- Suggested</b><br/><br/><input type=\"submit\" name=\"submit\" value=\"Change Password\"><br/><br/>
The suggested password was $rand<br/>(So you can copy and paste)</form>");
}
?>

RedCrisps
13-01-2008, 04:24 PM
Ty for the help, I will try as soon as I get my laptop back :D

MrCraig
13-01-2008, 04:25 PM
Caleb, that's the same as the first version?

panel_username isn't the session variable :rolleyes: :P

MountainDew
13-01-2008, 04:27 PM
Caleb, that's the same as the first version?

panel_username isn't the session variable :rolleyes: :P

How do you know that? It's included in his version, also it is not the same as the first version, the first version has no error handling.


You don't know that is not the session, at the top it gives another session to check against, but that doesn't mean the same...

MrCraig
13-01-2008, 04:32 PM
But surely Dan wouldn't set 2 username variables?

Hitman
13-01-2008, 04:38 PM
Yeah I noticed the var $password2 is being used twice, maybe that's a problem?

MrCraig
13-01-2008, 04:44 PM
Shouldn't be..

Hitman
13-01-2008, 04:50 PM
$password = clean($_POST["password"]); // getting the pass
$password2 = md5($password); // hashing the password
$password2 = sha1($password2); //hashing the md5 hashed pass with sha1..
$username = $_SESSION["panel_username"];
mysql_query("UPDATE `users` SET `password` = '$password2' // inserting the password as the md5 hashed pass?

I know you'll understand but won't it be setting it as the first var which is the md5 hash of the password?

RedCrisps
13-01-2008, 04:51 PM
I tried both and they don't work. hmmm.

Change..



mysql_query("UPDATE `users` SET `password` = '$password2' WHERE `username` = '{$_SESSION["panel_username"]}'");
To



mysql_query("UPDATE `users` SET `password` = '$password2' WHERE `username` = '$_SESSION[EON_CNTPNL_USERNAME]'");
That should work :)

The password just doesn't work with this



<?php
if(isset($_SESSION["EON_CNTPNL_USERNAME"]))
{ $check->login(); }
else{
session_start();
include("functions.php");
$check = new checklogin;
$check->login(); }
echo("
<b>Edit your password!</b><br/>
<br/>");
if($_GET["act"] == "update")
{
$password = clean($_POST["password"]);
$password2 = md5($password);
$password2 = sha1($password2);
$username = $_SESSION["panel_username"];
mysql_query("UPDATE `users` SET `password` = '$password2' WHERE `username` = '$username'") or die(mysql_error());
echo("Password Updated");
exit;
}
else
{
$rand = generateRandStr(13);
echo("Please set a new password:<br/><form action=\"?page=editpass&act=update\" method=\"POST\"><input type=\"text\" name=\"password\" value=\"$rand\" class=\"formbox\"> <b><-- Suggested</b><br/><br/><input type=\"submit\" name=\"submit\" value=\"Change Password\"><br/><br/>
The suggested password was $rand<br/>(So you can copy and paste)</form>");
}
?>

Nothing happens, it just stays the same


How about removing the random letters thing?

Hitman
13-01-2008, 04:52 PM
Just try this.


<?php
if(isset($_SESSION["EON_CNTPNL_USERNAME"]))
{ $check->login(); }
else{
session_start();
include("functions.php");
$check = new checklogin;
$check->login(); }
echo("
<b>Edit your password!</b><br/>
<br/>");
if($_GET["act"] == "update")
{
$password = clean($_POST["password"]);
$password1 = md5($password);
$password2 = sha1($password1);
mysql_query("UPDATE `users` SET `password` = '$password2' WHERE `username` = '{$_SESSION["panel_username"]}'");
echo("Password Updated");
exit;
}
else
{
$rand = generateRandStr(13);
echo("Please set a new password:<br/><form action=\"?page=editpass&act=update\" method=\"POST\"><input type=\"text\" name=\"password\" value=\"$rand\" class=\"formbox\"> <b><-- Suggested</b><br/><br/><input type=\"submit\" name=\"submit\" value=\"Change Password\"><br/><br/>
The suggested password was $rand<br/>(So you can copy and paste)</form>");
}
?>

Might do it I'm not sure.

But then again if the pass isn't changing it shouldn't be that... hmm.

MountainDew
13-01-2008, 04:57 PM
What he is doing is MD5ing the password, then adding SHA1 onto it..

RedCrisps
13-01-2008, 04:57 PM
Should I change the format of the password thing in phpmyadmin?

Hitman
13-01-2008, 04:59 PM
What he is doing is MD5ing the password, then adding SHA1 onto it..

I know but he put the vars the same?

The var $password2 was MD5 hashing the var $password and then another var named $password2 was sha1 hashing the first $password2 var... then inserting the var $password2, which it'd pick up the first var wouldn't it?

RedCrisps
13-01-2008, 05:01 PM
http://mochafm.com/staff/index.php
username: test
password: testaccount

That's to test it if you want, so yeah.

MountainDew
13-01-2008, 05:01 PM
I know but he put the vars the same?

The var $password2 was MD5 hashing the var $password and then another var named $password2 was sha1 hashing the first $password2 var... then inserting the var $password2, which it'd pick up the first var wouldn't it?
No..


$password = clean($_POST["password"]);
$password2 = md5($password);
$password2 = sha1($password2);

$password = the post
$password2 = md5ing the $password
$password2 = sha1 $password2

So it would end up being this sha1(md5($_POST["password"]));

The way he is doing it is fine.. it picks up the correct variable..

Hitman
13-01-2008, 05:20 PM
No..


$password = clean($_POST["password"]);
$password2 = md5($password);
$password2 = sha1($password2);

$password = the post
$password2 = md5ing the $password
$password2 = sha1 $password2

So it would end up being this sha1(md5($_POST["password"]));

The way he is doing it is fine.. it picks up the correct variable..

I understand that, but what I'm saying is he has $password2 twice. He then inserts the value of $password2 as the pass... which I'm sure it reads the first (correct me if I'm wrong I'm not the best coder as you know...) so it'd grab the first $password2 and insert? Or the second...?

Meh. :P Correct me pls!

Blob
13-01-2008, 05:32 PM
Use KP 2.

Josh-H
13-01-2008, 05:33 PM
I understand that, but what I'm saying he has $password2 twice. He then inserts the value of $password2 as the pass... which I'm sure it reads the first (correct me if I'm wrong I'm not the best coder as you know...) so it'd grab the first $password2 and insert? Or the second...?

Meh. :P Correct me pls!

It would grab the second.

Hitman
13-01-2008, 05:55 PM
It would grab the second.

Ah okay so it's all fine. Thanks for telling me! :P

lolwut
13-01-2008, 07:00 PM
<?php
if(isset($_SESSION['EON_CNTPNL_USERNAME'])){
$check->login();
}else{
session_start();
include("functions.php");
$check = new checklogin;
$check->login();
}
echo("
<b>Edit your password!</b><br/>
<br/>");
if($_GET["act"] == "update")
{
$password = clean($_POST['password']);
$password = md5($password);
$password = sha1($password);
mysql_query("UPDATE `users` SET `password` = '" . $password . "' WHERE `username` = '" . $_SESSION['EON_CNTPNL_NAME'] . "'") or die(mysql_error());
echo("Password Updated");
exit;
}
else
{
$rand = generateRandStr(13);
echo("Please set a new password:<br/><form action=\"?page=editpass&act=update\" method=\"POST\"><input type=\"text\" name=\"password\" value=\"$rand\" class=\"formbox\"> <b><-- Suggested</b><br/><br/><input type=\"submit\" name=\"submit\" value=\"Change Password\"><br/><br/>
The suggested password was $rand<br/>(So you can copy and paste)</form>");
}
?>

Don't go mental if it doesn't work.
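
Added example, not part of any post in this thread: the same password update written with PDO bound parameters, `password_hash()` and an affected-row check, so an UPDATE that matches no row (the "nothing happens" symptom above) is reported instead of printing "Password Updated". Which session key the login code really sets is not shown on the page; `EON_CNTPNL_USERNAME`, the in-memory SQLite table and the `test` account are assumptions for the demo.

```php
<?php
// Added example, not code from the thread. Table layout mirrors the thread's
// `users` table; the session key name and sample account are assumptions.
const SESSION_USER_KEY = 'EON_CNTPNL_USERNAME'; // one key, defined once

function changePassword(PDO $db, array $session, string $newPassword): string
{
    // A missing or misspelled session key is caught here rather than turning
    // into WHERE `username` = '' that silently matches nothing.
    if (empty($session[SESSION_USER_KEY])) {
        return 'not logged in (session key missing)';
    }
    if (strlen($newPassword) < 8) {
        return 'password too short';
    }
    // Salted, slow hash instead of sha1(md5(...)).
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);

    // Bound parameters: no request or session value is spliced into the SQL.
    $stmt = $db->prepare('UPDATE users SET password = :hash WHERE username = :user');
    $stmt->execute([':hash' => $hash, ':user' => $session[SESSION_USER_KEY]]);

    // An UPDATE that matches no row is not an SQL error, so check the count.
    return $stmt->rowCount() === 1 ? 'updated' : 'no matching user';
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO users VALUES ('test', 'old-hash')");

// Session populated under a different key than the handler reads.
echo changePassword($db, ['panel_username' => 'test'], 'correct horse 42'), "\n";
// Session key matches: the row is updated.
echo changePassword($db, [SESSION_USER_KEY => 'test'], 'correct horse 42'), "\n";
// Logged-in name with no row behind it: reported, not "Password Updated".
echo changePassword($db, [SESSION_USER_KEY => 'ghost'], 'correct horse 42'), "\n";

// The login side must compare with password_verify(), not by re-hashing.
$stored = $db->query("SELECT password FROM users WHERE username = 'test'")->fetchColumn();
var_dump(password_verify('correct horse 42', $stored));
```

On MySQL the `password` column has to be wide enough for the `password_hash()` output (the PHP manual recommends 255 characters), otherwise the stored hash is truncated and never verifies.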
