I am using the following php/MySQL script to allow a user to change their password. for some reason this script works on my localhost but not when I try and run it from my main server?
Please can someone show me where I am going wrong? Thanks in advance
<?php
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$old_pass = $_POST['old_pass'];
$old_pass = stripslashes($old_pass);
$old_pass = mysql_real_escape_string($old_pass);
$new_pass = $_POST['new_pass'];
$new_pass = stripslashes($new_pass);
$new_pass = mysql_real_escape_string($new_pass);
$new_pass2 = $_POST['new_pass2'];
$new_pass2 = stripslashes($new_pass2);
$new_pass2 = mysql_real_escape_string($new_pass2);
include '../include/config.php';
$query = "SELECT * FROM supplier_users WHERE user_id = '{$_SESSION['id']}' UNION SELECT * FROM internal_users WHERE user_id = '{$_SESSION['id']}'";
$result = mysql_query($query);
$row = mysql_fetch_assoc($result);
include '../dependables/secure.php';
$hashed_pass = crypt($old_pass, $Blowfish_Pre . $row['salt'] . $Blowfish_End);
if($hashed_pass !== $row['user_password_hash']) {
$_SESSION['message2'] = '<div class="form_error2">Ooops! The Current Password you entered is Incorrect. Please try again.</div> ';
echo $_SESSION["message2"];
unset($_SESSION['message2']);
}else{
if($new_pass != $new_pass2) {
$_SESSION['message2'] = '<div class="form_error2">Ooops! The Passwords do not match. Please try again.</div> ';
echo $_SESSION["message2"];
unset($_SESSION['message2']);
}else{
if($hashed_pass == $row['user_password_hash']) {
if($new_pass == $new_pass2) {
$pass = $new_pass;
$Allowed_Chars =
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789./';
$Chars_Len = 63;
// 18 would be secure as well.
$Salt_Length = 21;
$mysql_date = date( 'Y-m-d' );
$salt = "";
for($i=0; $i<$Salt_Length; $i++)
{
$salt .= $Allowed_Chars[mt_rand(0,$Chars_Len)];
}
$bcrypt_salt = $Blowfish_Pre . $salt . $Blowfish_End;
$hash = crypt($pass, $bcrypt_salt);
$title = 'Password';
$query2 = "UPDATE supplier_users SET user_password_hash = '$hash', salt = '$salt', password_change_date = now() WHERE user_id = '{$_SESSION['id']}' LIMIT 1";
$result2 = mysql_query($query2);
$query3 = "UPDATE internal_users SET user_password_hash = '$hash', salt = '$salt', password_change_date = now() WHERE user_id = '{$_SESSION['id']}' LIMIT 1";
$result3 = mysql_query($query3);
if($result2 || $result3) {
$digits2 = 6;
$ref = rand(pow(10, $digits2-1), pow(10, $digits2)-1);
$final = "INSERT INTO recent_activity (id, user_id, reference, date, activity_type, status) VALUES ('', '{$_SESSION['id']}', '$ref', now(), '$title', 'Complete')";
$second = mysql_query($final);
$_SESSION['message2'] = '<div class="form_error21">Thank You! Your Password has been changed successfully.</div> ';
echo $_SESSION["message2"];
unset($_SESSION['message2']);
} } } } } } ?>
<div class="overlap">
<h23>Change Password</h23>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="old_pass" id="old_pass" class="user" placeholder="Current Password" autocomplete="off"><br/>
<input type="text" name="new_pass" id="new_pass" class="user" placeholder="New Password" autocomplete="off"><br/>
<input type="text" name="new_pass2" id="new_pass2" placeholder="Confirm New Password" autocomplete="off">
<input type="submit" name="subimt" id="submit" value="Change">
</form>
</div>
<div class="bottom_page_banner"></div>