PHP-and-MySQL/C4/User-Password-Change-Part-2/English-timed
From Script | Spoken-Tutorial
| Time | Narration |
| 00:00 | Welcome to the 2nd part of our Change Password tutorial. In the last one, we learnt how to check if our forms were submitted. |
| 00:09 | We’ve got our data values in here. |
| 00:13 | Please remember that inside our database, our passwords are encrypted. |
| 00:18 | So, as soon as these fields are coming in, I will encrypt them into an md 5 hash. |
| 00:27 | Make sure you put the brackets. |
| 00:35 | What I have highlighted here is our parameter. |
| 00:38 | So, here we will have our "md5" encrypted passwords. |
| 00:43 | We will need to check this field to see whether they exist or not. |
| 00:51 | At the moment when we submit our form, we see that nothing really happens. |
| 00:57 | First I will say “check password against db” and then we have to connect to our database. |
| 01:08 | We have already connected to the database in several of these pages- like the login page. |
| 01:15 | You can put this into a separate file, say, “include” and include "connect .php” with your one time login script in, so that you don’t have to keep typing it. |
| 01:29 | But for our tutorial's sake, I will keep typing it over and over again because this is a good way to learn. |
| 01:35 | We type here - "$connect = mysql_connect()". |
| 01:40 | And we will be connecting to our "local host" database, with my username as "root" and my password as nothing; I am going to select my database. |
| 01:50 | So, that is “phplogin” which is here. Let's go there and you can see it here. |
| 01:58 | Our table is "users" which we can use later on. |
| 02:01 | Next we will create a query to get the passwords. |
| 02:05 | So I will type “ $query get” which is equal to mysql.......... "mysql_query" and here we will type "SELECT password" - We need to ascertain the password from the database "users". |
| 02:26 | You can see here. This is the "users" table. |
| 02:31 | Then we type “WHERE username is equal to $user”. This is our session variable holding our user’s 'username'. |
| 02:39 | So, what we are doing is we are selecting our password hash from this table where the "username' is equal to the session name and that is equal to “Alex”. |
| 02:49 | So, that should be a successful query. And you can type at the end or die "Query didn’t work”" - some error message. |
| 02:59 | You can be a bit imaginative with these error messages and type what you like. |
| 03:08 | Same here. You can say or die. You can add your own error message in here but to save time I am not going to, right now. |
| 03:17 | Now, we will use this slightly differently, before we use the while function to loop through every record in the database. |
| 03:25 | I was informed about this method through a comment someone posted. I will say "$row = mysql_fetch_associative". And that's "$query get". |
| 03:41 | We will set “$old password db” which is a new variable name. Don’t mistake this with the '$old password' that has been submitted. |
| 03:50 | Our old password inside the database will be equal to our '$row'. |
| 03:55 | Remember, this creates an array. |
| 03:58 | So, this value is "password" because inside our database, this is “password” here. You need to use the labels. |
| 04:06 | So, from here on we can check our passwords. |
| 04:08 | Checking our old passwords and our new passwords is just a simple if statement. |
| 04:16 | Let's type - if the 'old password' is equal to the 'old password inside the database'. |
| 04:25 | These are both 'md5 hashes' because we converted them into an md5 hash earlier. |
| 04:30 | So, if they are equal then we’ll run a block of code, otherwise we’ll kill the page and say ” Old password doesn’t match!”. |
| 04:44 | So here, assuming we’ve got through the first stage of our validation, we checked the old password with the old password in the database. Now we need to check our two new passwords. |
| 04:57 | So this is just as simple as typing if '$new password' is equal to '$repeat new password' then we can write a block of code; otherwise we can just kill the page and say “ New passwords don’t match!”. |
| 05:20 | So here, this is “success” and then we’ll say “change password in database”. |
| 05:31 | So now what I’ll do is echo out “success” and I’ll go back to my page. |
| 05:38 | I’ll type my password wrong on purpose. So, I’ll just type this. |
| 05:41 | My new password I’ll type as "abc" and then clicking on Change password, we get the message "Old password doesn’t match!". |
| 05:49 | If I type "abc" as my old password which it is and "123" as my new password and random letters in the next, we should get.....Oh "Old password doesn’t match!" |
| 06:00 | Let's go back and check the code. Old password....row - password.... 'query get'... |
| 06:13 | And, what we can do here to debug is: just say echo '$old password db' with a break on the end and just say echo 'old password' with another break. |
| 06:31 | What we can do now is, run the script again. So, old password equals "abc", new password equals "123" and then random letters. |
| 06:44 | Okay, so let’s compare these. They both look the same to me, so we can see that we’ve got a problem here. |
| 06:50 | Again let's check the code. Checking for the spellings. |
| 07:15 | Ok. I just found out the problem. If I go back to my database here, we see that I had added in this value myself and I had created this space at the end of this - you can see it highlighted in blue - I’ll just get rid of that quickly and I’ll come back to my page. |
| 07:33 | I’ll login again as usual and quickly change my password, I’ll put my old password in correctly and random text for my two new passwords. |
| 07:45 | You can see that my two new passwords don’t match. |
| 07:49 | We've echoed this out already, so now we can delete this. |
| 07:53 | Assuming my passwords do match, let me echo this success message. |
| 07:58 | So let’s just delete these. I put them for debugging. |
| 08:02 | I’ll just type in my old password, my new passwords 123 and 123, click Change password and we’ve got success. |
| 08:10 | So, I apologize for that last slip-up there. |
| 08:18 | So in the 3rd part of this tutorial, we will continue with updating the user's password and just making sure everything’s working properly. |
| 08:29 | Thanks for watching. This is Joshwa Mathew, dubbing for the Spoken Tutorial Project. |
