Issue with ‘changing password’ feature

I am experiencing some issues with the change password feature of my website.

My code is as follows:

<?php
session_start();
if(!isset($_SESSION[‘USERID’]))
require_once (‘encryptpage.php’);
require_once (‘cleanstring.php’);
require_once (‘homestart.php’);
?>

<?php
$password = clean_string($db_server, $_POST[‘password’]);
$newpassword = clean_string($db_server, $_POST[‘newpassword’]);
$repeatnewpassword = clean_string($db_server, $_POST[‘repeatnewpassword’]);

if ($_POST[‘submit’] == ‘Change’) {
if ($password && $newpassword && $repeatnewpassword) {
if ($newpassword == $repeatnewpassword) {
require_once (“connectpage.php”);

// include file to do db connect

if ($db_server) {
mysqli_select_db($db_server, $db_database);
$password = password($password);

// check whether USERID exists

$query = “SELECT password FROM users WHERE password=’$password’ AND USERID='” . $_SESSION[‘USERID’] . “‘”;
$result = mysqli_query($db_server, $query);
if ($row = mysqli_fetch_array($result)) {
$newpassword = password($newpassword);
$query = “UPDATE `users` SET `password`=’$newpassword’ WHERE `USERID`='” . $_SESSION[‘USERID’] . “‘”;
mysqli_query($db_server, $query) or die(“Insert failed. ” . mysqli_error($db_server));
$message = “<strong>You’ve changed password!</strong>”;

// Process further here

}
else {
$message = “Please type correct current password!”;
}

mysqli_free_result($result);
}
else {
$message = “Error: could not connect to the database.”;
}

mysqli_close($db_server); //include file to do db close
}
else {
$message = “New password and repeat new password must match!”;
}
}
else {
$message = “Fill all fields.”;
}
}
?>

I have approached my tutor for some advice in which I  have now switched the two starting instructions, using sessions before starting a session. This is a minor issue that has been easy to edit, however this has still not solved the problem. I need to check through each brace and ensure each one is positioned correctly.

I am receiving the following error during testing:

Fatal error: Call to undefined function password() in home/cs12cm/public_html/PROJECT/editpassword.php on line 25

Line 25 in my dreamweaver file is as follows:

$password = password($password);

This indicates to me that something needs to be changed here and that there is confusion defining the function.

I have tried using: $password = ([‘$password’]); however I have been unsuccessful here too. Instead I have researched ‘change password php’ on google and consequently deleted the file and created a new one. From following guidance from stackoverflow I have now successfully created a change password function that updates in my database when changed. I think the confusion came where I intended for the user to enter their current password- the difference here is that a user simply enters the desired new password with no request to enter their current password.

<?php
session_start();
require_once (‘encryptpage.php’);
require_once (‘cleanstring.php’);
require_once (‘connectpage.php’);

$user=$_GET[‘user’];
$password1 = mysqli_real_escape_string($db_server, $_POST[‘newpassword’]);
$password2 = mysqli_real_escape_string($db_server, $_POST[‘repeatnewpassword’]);

if ($password1 <> $password2) { echo “Your passwords do not match.”;}
else { (mysqli_query($db_server,”UPDATE users SET password=’$password1′ WHERE USERID=’$user'”)); }

$passwordchanged = true;
require_once (‘homestart.php’);
mysqli_close($db_server);
?>

Advertisements
This entry was posted in Issues. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s