php change password (old password does not match with the old password inside the database)

June 11, 2017, at 7:53 PM

Here is my code

<?php
include("connect.php");
error_reporting(0);
session_start();
if($_SESSION['logged'] == true){
        if($_SESSION['user_type'] == 2){
        header("location:admin\home.php");
        }
$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM tbl_useraccounts where user_id = $id";
$q = mysqli_query($con,$query);
        while($row = mysqli_fetch_array($q)){
            $oldpassworddb = $row['password'];
        }

if($user_id)
{
    //user is logged in
    if(isset($_POST['submit']))
    {
        //check fields
        $oldpassword = md5($_POST['oldpassword']);
        $newpassword = md5($_POST['newpassword']);
        $repeatnewpassword = md5($_POST['repeatnewpassword']);

        //check passwords
        if ($oldpassword == $oldpassworddb)
        {
            // check two new passwords
            if ($newpassword == $repeatnewpassword)
            {
                //success
                //change password in db
                $querychange = mysqli_query($con, "
                UPDATE tbl_useraccounts SET password='$newpassword' WHERE user_id='$user_id'");
                session_destroy();
                echo "Your password has been changed<br/>
                <a href='home.php'>Return</a>";
            }
            else
                echo "New passwords doesnt match";

        }
        else
            echo "Old password doesnt match!";

    }
    else
    {
    echo"
    <form action='changepassword.php' method='POST'>
        Old Password: <input type='password' name='oldpassword'><p>
        New Password: <input type='password' name='newpassword'><br>
        Repeat New Password: <input type='password' name='repeatnewpassword'><p>
        <input type='submit' name='submit' value='Change Password'>
    </form>
    ";
    }
}
else 
    die("You must be logged in to change your password");
}else{
    header("location:login.php");
}
?>      

I'm sorry, I'm new to Stack Overflow. When I type my old password inside the password bar, for example "123", where 123 really is the password stored in my database, the response when I click Change Password is always "Old password does not match". 123 = 123 should be read as correct. What is the error in my code?

Answer 1

You might be picking the wrong user, as:

$user_id = $_SESSION['user_id']; // here you pick in $user_id
$query = "SELECT * FROM tbl_useraccounts where user_id = $id"; // here you check with $id

So change it to:

$query = "SELECT * FROM tbl_useraccounts where user_id = $user_id";

Also print_r($variable) can be helpful for you.

Answer 2

Change the below:

$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM tbl_useraccounts where user_id = $id";

To

$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM tbl_useraccounts where user_id = $user_id";

You have stored the user ID in the $user_id variable but are using the $id variable, which is not defined.

Answer 3

You used $id instead of $user_id in the WHERE statement:

$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM tbl_useraccounts where user_id = $id";
$q = mysqli_query($con,$query);
while($row = mysqli_fetch_array($q)){
    $oldpassworddb = $row['password'];
}
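
Apart from the variable name, the posted script stores unsalted MD5 digests, builds its SQL by string interpolation, and silences the undefined-variable warning with error_reporting(0). The following is an added example, not code from the question or from any of the answers, showing the same password change with prepared statements and password_hash()/password_verify(). The function name change_password, its return strings, and the assumption that tbl_useraccounts.password is VARCHAR(255) and may still hold legacy MD5 rows are hypothetical.

```php
<?php
// Added example: hardened password change for the table used on this page.
// Assumptions: $con is an open mysqli connection; tbl_useraccounts.password is
// VARCHAR(255); existing rows may still hold legacy unsalted MD5 hex digests.
declare(strict_types=1);

// Make mysqli throw on errors so a broken query is not silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function change_password(mysqli $con, int $userId, string $old, string $new, string $repeat): string
{
    // Bind the id taken from the session; never interpolate variables into SQL.
    $stmt = $con->prepare('SELECT password FROM tbl_useraccounts WHERE user_id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();
    $stmt->close();
    if (!$found) {
        return 'no_such_user';
    }

    // Legacy rows are 32 hex characters of MD5; compare those in constant time.
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/i', $stored);
    $oldOk = $isLegacy
        ? hash_equals(strtolower($stored), md5($old))
        : password_verify($old, $stored);
    if (!$oldOk) {
        return 'old_password_mismatch';
    }

    // Compare the raw inputs, not their hashes.
    if ($new !== $repeat) {
        return 'new_passwords_differ';
    }

    // Salted, slow hash; writing it also migrates the row off MD5.
    $hash = password_hash($new, PASSWORD_DEFAULT);
    $upd = $con->prepare('UPDATE tbl_useraccounts SET password = ? WHERE user_id = ?');
    $upd->bind_param('si', $hash, $userId);
    $upd->execute();
    $ok = $upd->affected_rows === 1;
    $upd->close();
    return $ok ? 'changed' : 'update_failed';
}
```

Call it with (int) $_SESSION['user_id'] and the raw $_POST values, and end the session after a 'changed' result as the original script does.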