Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Allow users to change random password

Status
Not open for further replies.
rskuse

rskuse

Technical User
Joined
Jul 18, 2002
Messages
74
Location
GB
I currently use a script to register users on a site that generates a random password using MD5 eg...

function makeRandomPassword() {
$salt = "abcdefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}

$random_password = makeRandomPassword();

$db_password = md5($random_password);

My script works fine and users can login successfully but I would like them to be able to change their password to one of their own choice by allowing them to enter their old password (that was randomly generated) and then entering a new password that will update MySQL database.
I have attempted to do this myself by querying the database and updating the field if the data is correct but it has not worked.

Can anyone give me a clue as to how I can do this??

Thankyou in advance....
 
Sort by date Sort by votes
Exactly what have you tried?

If you issue a query like:

UPDATE usertable SET passwd=md5('[newpassword]') WHERE username='[user-name'] AND passwd=md5('[oldpassword]')

You can then issue mysql_affected_rows() to see whether the change was successful.

Want the best answers? Ask the best questions: TANSTAAFL!
 
Upvote 0 Downvote
What I do is on the form I'll have <input type=&quot;password&quot; name=&quot;oldpassword&quot;> and then you need to compare the variable md5($oldpassword) with the value for the password stored in the database.
 
Upvote 0 Downvote
sleipnirs SQL statment does exactly that - and more.

If you just want to compare the entered old password you could use:
Code: 
$SQL = &quot;SELECT COUNT(username) AS num WHERE username='[username]' AND passwd=md5('[oldpassword]')&quot;;
$result = mysql_query($SQL, $conn);
# get the row
$row = mysql_fetch_array($result);
# should be 1
if ($row['num'] == 1){
   # etc.
[code]

However, sleipnir's SQL only updates when the oldpassword matches. You can check the number of rows affected by the SQL statement and if it's 0 the oldpassword was wrong.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

R
  • Locked
  • Question Question
How Can I Use MySQL To Send Data To An Email
Replies
1
Views
839
Chris Miller
Chris Miller
P
  • Locked
  • Question Question
JPgraph - How to stop a line graph from dropping to zero?
Replies
2
Views
907
Chris Miller
Chris Miller
W
  • Locked
  • Question Question
how to send checked row data in php
Replies
0
Views
598
wiltang2004
W
rmak78
  • Locked
  • Helpful tip Helpful tip
LIMIT USERS ACCESS PER DAY BY IP
Replies
0
Views
471
rmak78
rmak78
rogerte
  • Locked
  • Question Question
How to parse associative array
Replies
13
Views
3K
Chris Miller
Chris Miller

Part and Inventory Search

Sponsor

Back
Top