0

Here is my script

When I submit the data, it doesn't get updated in the database, and I want to make one more change: the password has to be sent to the database as md5 converted. Here is my code; I have pasted all the page code below.

<?php
//*
// teacher_change_password.php
// Teachers Section
// Form to change password
//*

//Check if teacher is logged in
session_start();
if(!isset($_SESSION['UserID']) || $_SESSION['UserType'] != "T")
  {
    header ("Location: index.php?action=notauth");
    exit;
}

//Initialize database functions
include_once "ez_sql.php";
//Include global functions
include_once "common.php";

// Include configuration
include_once "configuration.php";

$tfname=$_SESSION['tfname'];
$tlname=$_SESSION['tlname'];
$user_id=$_SESSION['UserId'];
$action=get_param("action");

if($action=="update"){
    $tpass=tosql(get_param("password"), "Text");
    $tpass=md5($tpass);
    $sSQL="UPDATE web_users SET web_users_password='". $tpass ."' WHERE web_users_id='". $user_id ."'";
    $db->query($sSQL);
}else{
    $sSQL="SELECT web_users_password FROM web_users WHERE web_users_id='". $user_id ."'";
    $tpass=$db->get_var($sSQL);

};

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1" />
<title><?php echo _ADMIN_MAIN_MENU_TITLE?></title>
<style type="text/css" media="all">@import "student-teacher.css";</style>
<link rel="icon" href="favicon.ico" type="image/x-icon"><link rel="shortcut icon" href="favicon.ico" type="image/x-icon">
<SCRIPT language="JavaScript">
/* Javascript function to submit form and check if field is empty */
function submitform(fldName)
{
  var f = document.forms[0];
  var t = f.elements[fldName]; 
  if (t.value!="") 
    f.submit();
  else
    alert("You have to enter a value !");
}
</script>
<script type="text/javascript" language="JavaScript" src="sms.js"></script>
</head>

<body>
<?php include "teacher_header.php"; ?>
<div id="Header">
<table width="100%">
  <tr>
    <td width="50%" align="left"><font size="2">&nbsp;&nbsp;<?php echo date(_DATE_FORMAT); ?></font></td>
    <td width="50%"><?php echo _WELCOME?>, <?php echo $tfname. " " .$tlname; ?></td>
  </tr>
</table>
</div>
<div id="Content">
    <?php
    if($action=="update"){
    ?>
    <h1><?php echo _TEACHER_CHANGE_PASSWORD_SUCCESSFUL?></h1>
    <?php
    }else{
    ?>
    <h1><?php echo _TEACHER_CHANGE_PASSWORD_TITLE?></h1>
    <br>
    <form name="changepass" method="POST" action="teacher_change_password.php">
    <input type="text" size="20" name="password" value="<?php echo $tpass; ?>" onchange="this.value=this.value.toLowerCase();">
    <br>
    <input type="hidden" name="action" value="update">
    <a class="aform" href="javascript: submitform('password')"><?php echo _TEACHER_CHANGE_PASSWORD_UPDATE?></a>                 
    </form>
    <?php
    };
    ?>
</div>
<?php include "teacher_menu.inc.php"; ?>
</body>

</html>
Cœur
sunil

2 Answers

0

First, it would appear that $db is not set. Also, I'm pretty sure that the line:

$sSQL="UPDATE web_users SET web_users_password='". $tpass ."' WHERE web_users_id='". $user_id ."'";

is vulnerable to SQL injection, on $user_id.

Dylan Katz
  • Database details are called from configuration.php. Can you give better secure code for the line $sSQL="UPDATE web_users SET web_users_password='". $tpass ."' WHERE web_users_id='". $user_id ."'";? – sunil Nov 28 '13 at 07:15
0

I would strongly suggest reading Safe Password Hashing.

Don't use MD5; it's not safe anymore, and PHP offers better ways to do it.

Zdenek Machek
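
The two points raised in the answers above (the concatenated UPDATE and the use of MD5), as an added example that is not part of the original posts: a prepared statement with bound parameters together with password_hash(). It assumes PDO with the pdo_sqlite driver so the demo table is self-contained; change_password() is a hypothetical helper, and only the table and column names are taken from the question.

```php
<?php
// Added example, not the original poster's code. Assumes PDO + pdo_sqlite;
// the in-memory table is constructed sample data. change_password() is a
// hypothetical helper; table and column names come from the question.

function change_password(PDO $pdo, $userId, string $newPassword): bool
{
    // Refuse a missing or non-numeric id instead of running an UPDATE
    // that silently matches zero rows.
    if (!is_int($userId) && !ctype_digit((string) $userId)) {
        return false;
    }
    if ($newPassword === '') {
        return false;
    }

    // Salted, deliberately slow hash instead of md5().
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);

    // Placeholders keep both values out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE web_users SET web_users_password = :hash WHERE web_users_id = :id'
    );
    $stmt->execute([':hash' => $hash, ':id' => (int) $userId]);

    // Report whether exactly one row was changed, so the page does not
    // show a success message after an UPDATE that touched nothing.
    return $stmt->rowCount() === 1;
}

// --- constructed demo data ---
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE web_users (web_users_id INTEGER PRIMARY KEY, web_users_password TEXT)');
$pdo->exec("INSERT INTO web_users VALUES (7, 'old')");

var_dump(change_password($pdo, 7, 'correct horse battery')); // existing id
var_dump(change_password($pdo, null, 'secret'));             // id missing from the session
var_dump(change_password($pdo, '7x', 'secret'));             // non-numeric id

// At login, check the stored hash with password_verify(); hashes are salted,
// so hashing the input again and comparing strings will not match.
$stored = $pdo->query('SELECT web_users_password FROM web_users WHERE web_users_id = 7')
              ->fetchColumn();
var_dump(password_verify('correct horse battery', $stored));
```

The web_users_password column has to be wide enough for the new hash; the PHP manual recommends 255 characters when using PASSWORD_DEFAULT. Any login code that compares md5() output must switch to password_verify() at the same time.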