Trying to make this script call to php. when I make the passwords not equal to eachother the error spits out that passwords dont match and if I leave it blank I also get the correct error message. however if I try to use it normally I get unknown error. Is there an order of operations in this code that doesn't match. I can't see anything is incorrect.
<script>
function changepass() {
var u = _("username").value;
var cp = _("currentPass").value;
var np = _("newPass").value;
var cnp = _("confirmNewPass").value;
if(np != cnp) {
_("status").innerHTML = "The passwords given do not match!";
} else if (cp === "" || np === "" || cnp === "") {
_("status").innerHTML = "Please fill out all of the fields.";
} else {
_("changepassbtn").style.display = "none";
_("status").innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "reset_pass.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
var response = ajax.responseText;
if(response.trim() == "success"){
_("status").innerHTML = 'Your password change was successful!';
} else if (response == "no_exist"){
_("status").innerHTML = "Your current password was entered incorrectly.";
_("changepassbtn").style.display = "initial";
} else if(response == "pass_failed"){
_("status").innerHTML = "Change password function failed to execute!";
_("changepassbtn").style.display = "initial";
} else {
_("status").innerHTML = "An unknown error occurred";
_("changepassbtn").style.display = "initial";
}
}
}
ajax.send("u="+u+"&cp="+cp+"&np="+np+"&cnp"+cnp);
}
}
</script>
here is the php.
<?php
// AJAX CALLS THIS CODE TO EXECUTE
if(isset($_POST['cp'])) {
include_once("php_includes/db_conx.php");
$username = '';
$oldpasshash = '';
$newpasshash = '';
$u = mysqli_real_escape_string($db_conx, $_POST['u']);
$oldpass = $_POST["cp"];
$newpass = $_POST["cnp"];
$oldpasshash = md5($oldpass);
$newpasshash = md5($newpass);
$sql = "SELECT username, password FROM users WHERE username='$username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$db_username = $row["0"];
$db_password = $row["1"];
if($db_password != $oldpasshash){
echo "no_exist";
exit();
} else {
$sql = "UPDATE users SET password='$newpashhash' WHERE username='$db_username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$sql = "SELECT password FROM users WHERE username='$db_username' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$row = mysqli_fetch_row($query);
$db_newpass = $row[0];
if($db_newpass == $newpasshash) {
echo "success";
exit();
} else {
echo "pass_failed";
exit();
}
}
}
?>
I also want to kill all the user cookies but and I have the code from my logout page but I am unsure where to put it in this page. Any advice is good. NOTE: I am a newbie and just following tutorials for now I hope to modify this later when I understand it better.
you need to to add jquery's ajax library in your site and use your code like this below you can change this code according to your need
function checkpass() {
var password = $("#newpassword").val();
password = password.trim();
var confirmpassword = $("#confirmpassword").val();
confirmpassword = confirmpassword.trim();
var status = false;
if(password !== '' && confirmpassword !== ''){
if (password != confirmpassword) {
$("#newpassword").css('border', '1px solid red');
$("#confirmpassword").css('border', '1px solid red');
$('#password_error').html('Password and Confirm Password does not match!');
} else {
$("#newpassword").removeAttr('style');
$("#confirmpassword").removeAttr('style');
$('#password_error').html('');
status = true;
}
return status;
}
}
function changepass(){
var checkin = checkpass();
var url = 'myurl'; // change according to your need
if(checkin == true){
var newpass = $("#newpassword").val();
$.ajax({
url: url,
type: "POST",
data: $("#passowrdform").serialize(),
success: function (response){
//alert(response);
$('#old_pass').val(newpass)
$("#newpassword").val('');
$("#confirmpassword").val('');
}, error: function(){
}
});
}
return false;
}