Absolute Zero Posted August 6, 2007 Share Posted August 6, 2007 "The current password you entered was wrong" I have entered my password and reentered it many times, no caps lock, so it must be a bug. I believe the bug is in preferences.php. I will be posting all of the code just incase thanks....Please help! -Absolute Zero! <?php session_start(); require "global_func.php"; if($_SESSION['loggedin']==0) { header("Location: login.php");exit; } $userid=$_SESSION['userid']; require "header.php"; $h = new headers; $h->startheaders(); include "mysql.php"; global $c; $is=mysql_query("SELECT u.*,us.* FROM users u LEFT JOIN userstats us ON u.userid=us.userid WHERE u.userid=$userid",$c) or die(mysql_error()); $ir=mysql_fetch_array($is); check_level(); $fm=money_formatter($ir['money']); $cm=money_formatter($ir['crystals'],''); $lv=date('F j, Y, g:i a',$ir['laston']); $h->userdata($ir,$lv,$fm,$cm); $h->menuarea(); switch($_GET['action']) { case 'sexchange2': do_sex_change(); break; case 'sexchange': conf_sex_change(); break; case 'passchange2': do_pass_change(); break; case 'passchange': pass_change(); break; case 'namechange2': do_name_change(); break; case 'namechange': name_change(); break; case 'picchange2': do_pic_change(); break; case 'picchange': pic_change(); break; default: prefs_home(); break; } function prefs_home() { global $ir,$c,$userid,$h; print "Preferences [url='preferences.php?action=sexchange']Sex Change[/url] [url='preferences.php?action=passchange']Password Change[/url] [url='preferences.php?action=namechange']Name Change[/url] [url='preferences.php?action=picchange']Display Pic Change[/url] "; } function conf_sex_change() { global $ir,$c,$userid,$h; if($ir['gender'] == "Male") { $g="Female"; } else { $g="Male"; } print "Are you sure you want to become a $g? [url='preferences.php?action=sexchange2']Yes[/url] | [url='preferences.php']No[/url]"; } function do_sex_change() { global $ir,$c,$userid,$h; if($ir['gender'] == "Male") { $g="Female"; } else { $g="Male"; } mysql_query("UPDATE users SET gender='$g' WHERE userid=$userid",$c); print "Success, you are now $g! [url='preferences.php']Back[/url]"; } function pass_change() { global $ir,$c,$userid,$h; print "Password ChangeCurrent Password: New Password: Confirm: "; } function do_pass_change() { global $ir,$c,$userid,$h; if($_POST['oldpw'] != $ir['userpass']) { print "The current password you entered was wrong. [url='preferences.php?action=passchange']> Back[/url]"; } else if($_POST['newpw'] !== $_POST['newpw2']) { print "The new passwords you entered did not match! [url='preferences.php?action=passchange']> Back[/url]"; } else { mysql_query("UPDATE users SET userpass='{$_POST['newpw']}' WHERE userid=$userid",$c); print "Password changed!"; } } function name_change() { global $ir,$c,$userid,$h; print "Name Change Please note that you still use the same name to login, this procedure simply changes the name that is displayed. New Name: "; } function do_name_change() { global $ir,$c,$userid,$h; if($_POST['newname'] == "") { print "You did not enter a new name. [url='preferences.php?action=namechange']> Back[/url]"; } else { $_POST['newname']=str_replace(array("<", ">", "\\\'"), array("<", ">", "'"), $_POST['newname']); mysql_query("UPDATE users SET username='{$_POST['newname']}' WHERE userid=$userid",$c); print "Username changed!"; } } function pic_change() { global $ir,$c,$userid,$h; print "Pic Change Please note that this must be externally hosted, [url='http://imageshack.us']ImageShack[/url] is our recommendation. Any images that are not 150x150 will be automatically resized New Pic: "; } function do_pic_change() { global $ir,$c,$userid,$h; if($_POST['newpic'] == "") { print "You did not enter a new pic. [url='preferences.php?action=picchange']> Back[/url]"; } else { $_POST['newpic']=str_replace('\\\'',''', $_POST['newpic']); mysql_query("UPDATE users SET display_pic='{$_POST['newpic']}' WHERE userid=$userid",$c); print "Pic changed!"; } } $h->endpage(); ?> Quote Link to comment Share on other sites More sharing options...
Decepti0n Posted August 6, 2007 Share Posted August 6, 2007 Re: v1.1 bug - Password change! try changing if($_POST['oldpw'] != $ir['userpass']) to if(md5($_POST['oldpw']) != $ir['userpass']) Quote Link to comment Share on other sites More sharing options...
Absolute Zero Posted August 6, 2007 Author Share Posted August 6, 2007 Re: v1.1 bug - Password change! Edit: Actually I need some more help now... when I change the password to the new one and try it out it says: "Error Invalid username or password! > Back" any ideas? Quote Link to comment Share on other sites More sharing options...
Raptor_Jesus Posted August 6, 2007 Share Posted August 6, 2007 Re: v1.1 bug - Password change! This is fixed Decepti0n was on the right track Zero just neglected the mysql_query("UPDATE users SET userpass=md5('{$_POST['newpw']}') WHERE userid=$userid",$c); part that follows. Quote Link to comment Share on other sites More sharing options...
Absolute Zero Posted August 7, 2007 Author Share Posted August 7, 2007 Re: v1.1 bug - Password change! Thanks Noelle...problems fixed...time to start reading. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.