For some reason my code is updating the players password without even seeing if there oldpassword was correct first i check it here "else if($pass!= mysql_result($result, 0))" but it doesn't work ??
php
<?php
session_start();
if(!isset($_SESSION["sess_user"])){
header("location: index");
} else {
$my_player = $_SESSION['sess_user'];
}
if(isset($_POST["sumbit"])){
$link= mysql_connect ("localhost:8889","root","root")or die("Could not connect: ".mysql_error());
mysql_select_db("register") or die(mysql_error());
$pass = $_POST['pass'];
$newpass = $_POST['newpass'];
$confirmnewpass = $_POST['confirmnewpass'];
$result = mysql_query("SELECT password FROM login WHERE username='$my_player'");
if(!$result) {
$alert = "Failure ";
}
else if($pass!= mysql_result($result, 0)) {
$alert = "incorect password";
}
if($newpass==$confirmnewpass)
$sql=mysql_query("UPDATE login SET password='$newpass' where username='$my_player'");
if($sql) {
$alert = "You just changed your password to $newpass";
}
else {
$alert = "newpassword field not entered";
}
}
?>
html
<div class="container">
<form role="form" class="form-signin" action="" method="POST">
<h1 class="text-left">Change Password</h1><p>for <?=$my_player;?></p>
<input type="password" name="pass" placeholder="Enter your password" class="form-control" autofocus required><br/>
<input type="password" name="newpass" placeholder="Enter new password" class="form-control" required><br/>
<input type="password" name="confirmnewpass" placeholder="Re-Enter new password" class="form-control" required><br/>
<input type="submit" name="sumbit" value="Update Password" class="btn btn-lg btn-primary btn-block"><br/>
<?=$alert;?>
</form>
</div>
Try this:
Add:
$opass = mysql_fetch_array($result);
After of:
$result = mysql_query("SELECT password FROM login WHERE username='$my_player'");
And replace:
else if($pass!= mysql_result($result, 0)) {
By:
else if($pass!= $opass['password']) {
Also, your code will not stop when you define an alert. You need to replace:
$alert = "Alert";
By:
die("Alert");
If nor, your code will continue even if an error occurs.
The code still continues after the Errors are thrown. If you put this into function and after every error message put return: false; it will works