I am trying to make a change password script, but it doesnt change the password. Everything else seems to work except that it doesnt change the password to what it is supposed to.
<?php
//connection
$db = mysql_connect("localhost", "xxxxx","xxxx");
mysql_select_db("xxxxx",$db);
//getting info
$old = md5($_POST["old"]);
$new = md5($_POST["new"]);
//cookie
$cookie = $_COOKIE["number"];
//query the db
$sql = mysql_query("SELECT * FROM login WHERE pass = "'. $old .'" AND number = '$cookie' ");
//check if its the right person logged in
if ($cookie == $number)
{
//check if its right old pass
if ( mysql_num_rows($sql) == 0 )
{
die("You entered the wrong old password. <a href=/dmorris/projects/druvianism/change.php>go back</a>");
}
//change password now
$change = "UPDATE login SET pass='$new' WHERE pass='$old' AND id='$id'";
$result = mysql_query($change);
echo "Thank you! Information updated.<a href='
http://www.axedio.com/dmorris/projects/druvianism/my/'>back</a>";
}
else
{
echo "Your ID does not much this old password";
}
?>
Here is the form page that goes with this
<form method="post"action="/dmorris/projects/druvianism/my/datain.php">
Old Password: <input type="password" name="old"><br>
New Password: <input type="password" name="new"><br>
<input type="Submit" name="update" value="Update information"></form>
<p><a href="
http://www.axedio.co.../">back</a></p>
Edited by sieur_drewry, 04 May 2005 - 12:21 AM.