Stuck on PHP query

Question

I\'ve created a page that allows users to change their password and email. All of it works but for some reason when I just want to change my email I also get the field Curre

Answer 1

Your query is probably spitting out an array. Try doing print_r($row) and examining the output. I have a feeling you're getting an associative array here and need to access the old password differently. Put the print_r after this line:

$row = mysql_fetch_assoc($queryget);

The answer is probably $row[0]['password'];

Also, don't use MD5 for hashing, use Scrypt or something like that with salt and maybe pepper.

Answer 2

You're checking that the post values are set for the password (which they always will be, because that form element will always be submitted). Instead of simplychecking if those vaues are set, make sure thay're not empty. use empty() Also, when making comparisons don't use the word "AND" use the and operator "&&".

        if (!empty($_POST['repeatnewpassword']) && !empty($_POST['newpassword'])) {
            if ($newpassword==$repeatnewpassword)
            {
                $querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE   username='$username'");
                echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
            }
            else {echo "<div class='results'>new password(s) dont match</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";}

        }

I'm looking at the wrong chunk of code. The above advice is good advice, but your problem is here:

If the password fields are empty then these will never be the same, so if ($oldpassword==$oldpassworddb) will always evaluate false.

Try

if ($oldpassword==$oldpassworddb && !empty($_POST['oldpassword']))