Attempting to create a 'Change Password' page for my website, I keep being confronted with these two errors and I can't seem to understand why they are appearing;
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in /home/ll12rth/public_html/COMM2735/database/password.php on line 51
Warning: mysqli_free_result() expects parameter 1 to be mysqli_result, boolean given in /home/ll12rth/public_html/COMM2735/database/password.php on line 139
session_start();
$db_hostname = 'localhost';
$db_database = "****"; //replace with your db name
$db_username = "****"; //replace with the db username that you created
$db_password = "****"; //replace with the db password that you created
$db_status = 'not initialised';
$db_server = mysqli_connect($db_hostname, $db_username, $db_password);
$db_status = "connected";
if (!$db_server) {
die("Unable to connect to MySQL: " . mysqli_connect_error());
$db_status = "not connected";
} else
require_once('checklog.php');
require_once("functions.php");
// Grab the form data
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$newpassword = trim($_POST['newpassword']);
$repeatpassword = trim($_POST['repeatpassword']);
if (isset($_POST['submit'])) {
if ($username && $password) {
$username = clean_string($db_server, $username);
$password = clean_string($db_server, $password);
$query = "SELECT * FROM users WHERE username='$username'";
$result = mysqli_query($db_server, $query);
if ($row = mysqli_fetch_array($result)) {
$db_username = $row['username'];
$db_password = $row['password'];
if ($username == $db_username && salt($password) == $db_password) {
$_SESSION['username'] = $username;
$_SESSION['logged'] = "logged";
// header('Location: home.php');
// PASSWORD CHANGING IS DONE HERE
if ($newpassword == $repeatpassword) {
//From register
if (strlen($newpassword) > 25 || strlen($newpassword) < 6) {
$message = "Password must be 6-25 characters long";
} else {
//part 8
// Process details here
//include file to do db connect
if ($db_server) {
//clean the input now that we have a db connection
$newpassword = clean_string($db_server, $newpassword);
$repeatpassword = clean_string($db_server, $repeatpassword);
mysqli_select_db($db_server, $db_database);
// check whether username exists
$query = "SELECT password FROM users WHERE password='$newpassword'";
$result=mysqli_query($db_server, $query);
if ($row = mysqli_fetch_array($result)){
$message = "This is your current password. Please try again.";
} else {
//part 9
// Process further here
$newpassword = salt($newpassword);
$query = "INSERT INTO users (password) VALUES
('$password')";
mysqli_query($db_server, $query) or die("Insert failed. " . mysqli_error($db_server));
$message = "Your password has been changed!
";
}
mysqli_free_result($result);
} else {
$message = "Error: could not connect to the database.";
}
require_once("php/db_close.php"); //include file to do db close
}
}
//This code appears if passwords dont match
else {
$message = "Your new passwords do not match! Try again.
";
}
} else {
$message = "Incorrect password!
";
}
} else {
$message = "That user does not exist!
" . "Please try again";
}
mysqli_free_result($result);
//Close connection!
mysqli_close($db_server);
} else {
$message = "Please enter a valid username/password
";
}
}
?>
Techothing password
What do you want to change your password to echo $_SESSION['username'];
?>?
echo $message
?>