Format your code a bit nicer and you'll probably see the problem:
<?php session_start();
$user = $_SESSION['username'];
if ($user) {
if ($_POST['submit']) {
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
$connect = mysql_connect("*******","******","*****");
mysql_select_db("zenonhos_lr");
$queryget = mysql_query("SELECT `password` FROM `users` WHERE username='$user'") or die();
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
if ($oldpassword==$oldpassworddb) {
if ($newpassword == "") {
echo "Password cannot be blank";
} else {
if ($newpassword==$repeatnewpassword) {
$querychange = mysql_query("UPDATE `users` SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Password successfully changed! <a href='index.php'>Return to home page</a>");
} else {
die("New passwords do not match");
} else {
die("Old password does not match");
}
echo "<form action='changepass.php' method='POST'>" .
"Old Password: <input type='password' name='oldpassword'><br>" .
"New Password: <input type='password' name='newpassword'><br>" .
"Repeat New Password: <input type='password' name='repeatnewpassword'><br>" .
"<input type='submit' name='submit' value='Change Password'>";
} else {
die("You must be logged in to view this page.");
}
?>
FYI I cleaned up the last echo statement for clarity, it's not the direct issue.
See what you missed?
answered
Jul 07 '12 at 14:08
eddieringle
2.3k●7●16●44
