// check the login details of the user and stop execution if not logged in
require "check.php";
Inside the file check.php we have only a few lines of code to check the session. Here it is for your reference.
<?php
if(!isset($_SESSION['userid'])){
echo "<center><font face='Verdana' size='2' color=red>
Sorry, Please login and use this page </font></center>";
exit;
}
?>
Now let us collect all the data posted by the form
// ?? '' avoids undefined index notices when a field is missing from the POST
$todo=$_POST['todo'] ?? '';
$password=$_POST['password'] ?? '';
$password2=$_POST['password2'] ?? '';
$old_password=$_POST['old_password'] ?? '';
Now we will set the flags for validation of the variables. Please note that we have used limited validation here and you can add more checks as per your requirements (like allowing only numbers or characters in the password etc.).
$status = "OK";
$msg="";
Now check the old password
$count=$dbo->prepare("select password from plus_signup where userid=:userid");
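$count->bindParam(":userid",$_SESSION['userid'],PDO::PARAM_STR, 15);
$count->execute();
$row = $count->fetch(PDO::FETCH_OBJ);
// hash_equals() compares the hash strings exactly; a missing row also fails the check
if(!$row || !hash_equals((string)$row->password,md5($old_password))){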
$msg=$msg."Your old password is not matching as per our record.<BR>";
$status= "NOTOK";
}
After this we will check that the entered password is not less than 3 characters and not more than 8 characters long, and that both entries of the new password match.
if ( strlen($password) < 3 or strlen($password) > 8 ){
$msg=$msg."Password must be at least 3 characters and at most 8 characters long<BR>";
$status= "NOTOK";}
if ( $password !== $password2 ){
$msg=$msg."Both passwords are not matching<BR>";
$status= "NOTOK";}
Now if our validation is OK we will run the SQL update, and if validation is not OK we will display the error message. Our query uses an SQL UPDATE statement, and based on its success we display a message. Here is the code for updating the member table.
if($status<>"OK"){
echo "<font face='Verdana' size='2' color=red>$msg</font>
<br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}else{ // if all validations are passed.
$password=md5($password); // Hash the password (MD5) before storing
// bind userid as a parameter instead of placing it inside the SQL string
$sql=$dbo->prepare("update plus_signup set password=:password where userid=:userid");
$sql->bindParam(':password',$password,PDO::PARAM_STR, 32);
$sql->bindParam(':userid',$_SESSION['userid'],PDO::PARAM_STR, 15);
if($sql->execute()){
echo "<center><font face='Verdana' size='2' >Thanks <br>
Your password changed successfully. Please keep changing your password for better security</font></center>";
}else{
echo "<center><font face='Verdana' size='2' color=red>Sorry <br>
Failed to change password. Contact Site Admin</font></center>";
}
}
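A hardened variant of the check-and-update step, as an added example that is not part of the original script: it stores the new password with password_hash() instead of md5(), still accepts rows written by the MD5-based code, and binds userid in both queries. The function names, the 12-character minimum, the widened password column and the in-memory SQLite table are assumptions for illustration.

```php
<?php
// Added example (not the tutorial's code). Assumes the password column can hold
// password_hash() output, e.g. VARCHAR(255) instead of 32 characters.
function stored_hash_matches($stored, string $plain): bool
{
    if (!is_string($stored)) {
        return false;                       // no such user, or NULL password
    }
    if (preg_match('/^[0-9a-f]{32}$/i', $stored)) {
        // Legacy row written by the MD5-based script: constant-time compare.
        return hash_equals(strtolower($stored), md5($plain));
    }
    return password_verify($plain, $stored);
}

// Returns a list of error messages; an empty list means the password was changed.
function change_password(PDO $dbo, string $userid, string $old, string $new, string $new2): array
{
    $errors = [];
    $q = $dbo->prepare('select password from plus_signup where userid = :userid');
    $q->execute([':userid' => $userid]);
    if (!stored_hash_matches($q->fetchColumn(), $old)) {
        $errors[] = 'Your old password does not match our records.';
    }
    if (strlen($new) < 12) {                // assumed policy for this example
        $errors[] = 'New password must be at least 12 characters.';
    }
    if ($new !== $new2) {
        $errors[] = 'Both passwords are not matching.';
    }
    if ($errors) {
        return $errors;
    }
    $u = $dbo->prepare('update plus_signup set password = :password where userid = :userid');
    $u->execute([':password' => password_hash($new, PASSWORD_DEFAULT), ':userid' => $userid]);
    return [];
}

// Constructed demo data: in-memory SQLite stands in for the MySQL table.
$dbo = new PDO('sqlite::memory:');
$dbo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbo->exec('create table plus_signup (userid varchar(15) primary key, password varchar(255))');
$dbo->prepare('insert into plus_signup values (?, ?)')->execute(['demo', md5('oldpass')]);

$new = 'correct horse battery';
var_dump(change_password($dbo, 'demo', 'wrong', $new, $new));        // wrong old password
var_dump(change_password($dbo, 'demo', 'oldpass', $new, $new));      // legacy MD5 row
var_dump(change_password($dbo, 'demo', $new, 'another long phrase', 'another long phrase')); // row now holds a password_hash() value
```

Because the legacy branch only triggers on 32-character hex strings, existing MD5 rows are replaced with password_hash() values the first time each user changes a password.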
If the database update is successful, the user has to use the new password at the next login. Alternatively, the user can be redirected to the logout page and asked to log in again.
flora | 15-11-2011 |
how about adding javascript in changing password? can u pls help me.. thanks in advance :) |
Nitin patil | 06-09-2012 |
Thanks u really help me. |
John Akuse | 23-09-2013 |
Process for changing password interesting |
Prasad | 29-01-2014 |
Thanks... it really works...! |
Jue | 22-09-2014 |
why error at config.php ? Error!: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) |
smo | 24-09-2014 |
Enter correct login details for MySQL. userid , password and database name |
nis | 24-09-2014 |
Error!: SQLSTATE[HY000] [1045] Access denied for user 'root'@'localhost' (using password: YES) There is no databases in that code file |