Hello. I have this change password script but when I type something into the existing password box and leave the new password and confirm new password box blank it says the password has been changed. If I type nothing in any of the boxes and submit it says all fields are required. I need it so you HAVE to use all 3 boxes for it to work. Also, if I do type in all 3 boxes it says the password has been changed but it doesn’t even change it. I have set it as SHA1 but still no luck, it still stays as the existing password.
[code]else if($_POST[‘submit’]==‘Doit’)
{
// Checking whether the Login form has been submitted
$err = array();
// Will hold our errors
if(!count($err))
{
$_POST['password2'] = mysql_real_escape_string($_POST['password2']);
$_POST['password3'] = mysql_real_escape_string($_POST['password3']);
$_POST['password4'] = mysql_real_escape_string($_POST['password4']);
// Escaping all input data
}
if(!$_POST['password2'] || !$_POST['password3'] || !$_POST['password4'])
{
$err[] = 'All fields are required.';
}
$row = mysql_fetch_assoc(mysql_query("SELECT * FROM playerdata WHERE user='{$_SESSION['user']}' AND password='".sha1($_POST['password2'])."'"));
if($row['user'])
{
if($_POST['password3'] == $_POST['password4'])
{
// If everything is OK login
$pass = substr(sha1($_POST['password3']));
mysql_query(" INSERT INTO playerdata(user,password)
VALUES(
'".$_SESSION['user']."',
'".sha1($_POST['password3'])."'
)");
$_SESSION['msg']['change-success']='Your existing password has been changed. '.$pass;
}
else $err[] = 'Your new passwords do not match.';
// Store some data in the session
}
else $err[]='You have entered an invalid existing password.';
if($err)
$_SESSION['msg']['change-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: http://127.0.0.1/");
exit;
}[/code]