I have been working on this script for awhile and I cannot get it right....
I know it is connecting because I can view my connections in the MySQL Workbench. It leads me to think that there is a problem with my UPDATE. Anyways could you guys please look look at it and tell me what you think?
<?php
//Connecting to the MySQL Database thing
mysql_connect("localhost:3306", "****", "*******") or die(mysql_error());
mysql_select_db("microcrith") or die(mysql_error());
//runs the code if submitted
if (isset($_POST['submit'])) {
//makes sure there is no blank stuff
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}
//checking password to see if they match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}
//md5 encryption
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}
$newpassword = $_POST['pass'];
$username = $_SESSION['username'];
//puts into database
$insert = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$username'") or die(mysql_error());
$update_member = mysql_query($insert);
?>
<h1>Registered</h1>
<p>Thank you, you have changed password - you may now <a href="login.php">login</a>. </p>
<?php
}
else
{
?>
<center>
<body style="background-image: url('http://microcrith.com/background.png'); background-repeat: no-repeat; background-cover: 0 0; background-size: cover;">
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table border="0">
<tr><td colspan=2 style="color:grey;"><h1>Profile</h1></td></tr>
<tr><td style="color:grey;">Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td style="color:grey;">Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr> <tr><td style="color:grey;">Confirm Password:
</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Submit">
</th></tr>
</table>
</form>
</body>
</center>
<?php
}
?>
Thank you for taking the time and looking at this.
UPDATE: Since everyone is saying this is so insecure I will just delete my website and start over.
I'm not sure if this could be the problem but try this :
$insert = mysql_query("UPDATE users SET password='".$password."' WHERE username='".$username."'") or die(mysql_error());
Also it's much prefered to use prepared statements with php data objects instead of mysql_* functions