problem with editting password through php

cocco123 · July 16, 2012, 8:54pm

so i am busy with a little project i started myself to learn php better, but is stumbled upon a little problem.

when i made the query in this script down here i thought it was working but when i run it with the form it gives this error:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/a5703565/public_html/login/editpassproces.php on line 14

the code:
[php]<?php

session_start();

$con = mysql_connect (“mysql14.000webhost.com”,“a5703565_belzug”,“QazWaz123”);
mysql_select_db(“a5703565_belzug”, $con);

$username = ‘cocco123’;

$result = mysql_query(“SELECT * FROM members WHERE username = cocco123”);

$row = mysql_fetch_array($result);

if($_POST[‘oldpass’] !== $row[‘password’]){
echo “Het wachtwoord is niet correct ingevuld probeer opnieuw.”;

}elseif( $_POST[‘newpass’] !== $_POST[‘validpass’] ){
echo $username;
echo $_SESSION[‘username’];
echo “De wachtwoorden komen niet overeen. Probeer het opnieuw.”;

} else{

$newpass = $_POST[‘newpass’];
mysql_query("UPDATE members SET password = $newpass WHERE username = $username ");

header(“location:http://bellinzonazug.webege.com/login/editpasssucces.php”);
}

?>[/php]

hope you guys can help me.
i tried to change the fetch_array into fetch_assoc but didn’t work, same error.

thanks in advance.

wilson382 · July 16, 2012, 8:57pm

replace your query with

[php]
$result = mysql_query(“SELECT * FROM members WHERE username = ‘cocco123’”);
[/php]

in sql when you mention the WHERE syntax you must enclose in single quotation unless is an integer number

cocco123 · July 16, 2012, 9:01pm

sorry forgot to edit that out (it was for testing if it worked)
here is the code how i want it:

[php]

<?php session_start(); $con = mysql_connect ("mysql14.000webhost.com","a5703565_belzug","QazWaz123"); mysql_select_db("a5703565_belzug", $con); $username = $_SESSION['username']; $result = mysql_query("SELECT * FROM members WHERE username = $username"); $row = mysql_fetch_array($result); if($_POST['oldpass'] !== $row['password']){ echo "Het wachtwoord is niet correct ingevuld probeer opnieuw."; }elseif( $_POST['newpass'] !== $_POST['validpass'] ){ echo $username; echo $_SESSION['username']; echo "De wachtwoorden komen niet overeen. Probeer het opnieuw."; } else{ $newpass = $_POST['newpass']; mysql_query("UPDATE members SET password = $newpass WHERE username = $username "); header("location:http://bellinzonazug.webege.com/login/editpasssucces.php"); } ?>

[/php]

at login it saves the username as a session variable and it uses it here to get the oldpass(word) and compare it if its the right one. after that check if the new passwords are equal to each other, if so update the password to the new password

wilson382 · July 16, 2012, 9:04pm

please speficy what is not working or if you need help in general ?

so i dont have troblueshoot your entire code please

cocco123 · July 16, 2012, 9:08pm

well the error states that: mysql_fetch_array(): supplied argument is not a valid MySQL result resource

so there must be going something wrong with getting out the current password out of the database and using it in the rest of the script.

i dont really know why this is happening cause the variables are all equal to the database columns.

wilson382 · July 16, 2012, 9:09pm

i found a couple syntax errors

try replace your code with mine:

[php]

<?php session_start(); $con = mysql_connect ("mysql14.000webhost.com","a5703565_belzug","QazWaz123"); mysql_select_db("a5703565_belzug", $con); $username = $_SESSION['username']; $result = mysql_query("SELECT * FROM members WHERE username = '$username'"); $row = mysql_fetch_array($result); if($_POST['oldpass'] != $row['password']) { echo "Het wachtwoord is niet correct ingevuld probeer opnieuw."; }elseif( $_POST['newpass'] != $_POST['validpass'] ){ echo $username; echo $_SESSION['username']; echo "De wachtwoorden komen niet overeen. Probeer het opnieuw."; } else{ $newpass = $_POST['newpass']; mysql_query("UPDATE members SET password = '$newpass' WHERE username = '$username'"); header("location:http://bellinzonazug.webege.com/login/editpasssucces.php"); } ?>

[/php]

the comparison operator != means not equal to
you had !== which is not a valid comparison operator

and you must enclose your variable in single qoutation when you use inside a sql Query

cocco123 · July 16, 2012, 9:11pm

thanks works like a charm

wilson382 · July 16, 2012, 9:14pm

your only mistake was you were using an invalid comparison operator and

in SQL whe you say [php] “SELECT * FROM table_name WHERE column1=‘variable’”;[/php]

you need the single qoutation

ttbakiatwoam · July 17, 2012, 5:43pm

I know this is all fixed but I would change your database password ASAP since you posted it and anyone in the known internet universe now knows that it is QazWaz123. Remember when posting to sites to CONCAT passwords and user names. Anyone could simply take your code as its posted and delete your whole database or table because of this little error.

wilson382 · July 17, 2012, 5:52pm

I agree with Andrew,

Change your password , in the future replace your DB Credential with * eg:[php] $user = *****;[/php] or don’t include them at all.

richei · July 17, 2012, 7:05pm

It shouldn’t be in there at all like that. Its better to put the connection info in a seperate file and just include it. Then you don’t have to worry about it

Also, if the password is ecrypted in the db table, you’ll have to encrypt the new pass before the comparison is done.

wilson382 · July 17, 2012, 7:09pm

He is not doing any encryption at all.

and as rechei said when you have your dababase connect file when uploading to a server put it before the public_html so that it can not be accessed thru the browser

ttbakiatwoam · July 17, 2012, 7:41pm

that can be a nightmare if you have to connect to more than one database though…

wilson382 · July 17, 2012, 8:25pm

it depends what you call nightmare really,

i personally connect from all my php files using only one file in my server.

i find myself calling files
[php]
include("…/connect_db.php");
or
include("…/…/connect_db.php");
or
include("…/…/…/connect_db.php");
or
include("…/…/…/…/connect_db.php");
[/php]

it might be hard at first but once you got it working and it worth the time because you have all your db configs in just one file, therefore if something is not working with the Database you know where to look for.

cocco123 · July 17, 2012, 9:55pm

well if i had a edit button i would have editted it but as there is nothing specialvin the db and its just a personal project,

but i cant edit my post or the button is unfindable

ttbakiatwoam · July 18, 2012, 6:15pm

get to 25 posts and you can modify it.

cocco123 · July 18, 2012, 8:53pm

aah thats a real pro to this forum though

wilson382 · July 18, 2012, 9:06pm

I agree. most people that post here are either guest or hit and run user who just ask and then dont come back unless they need help again so obviously they dont have 25 posts.

and I also think anyone should be allowed to give karma as well