The change-users-password.php script lets administrators change the users password. Changing administrator password is done in another script.

In editing the users password in the host's members table, the configure.php is included to establish server and database connections. Next, we get the username and password variables POSTed to our PHP script, with the username being POSTed from the page that sent us here and the other variable getting POSTed from this members table editing page to itself. Note that if the Administrator is not logged in and therefore his username (stored in $U) is unset, he is sent to the login page. If the $A variable is not set, he has not yet entered data into the form.

Once the $A variable is set, the PHP script updates the specified password in the host's members table where all administrators' data is stored. Note that "UPDATE members SET users_password = '$A' WHERE username = '$U'" is the table query used, and it only works if the administrator's username is located in the members table. Note that in MySQL queries, single quotes are used around data variables, but when there are variables that represent table names (which does not occur in this particular script but does occur in scripts that perform such tasks as editing group members or editing status code meanings), no quotes should be used. If the table gets updated successfully, you get a message to that effect. Success is detected by a special MySQL function, mysql_affected_rows(). Once the edit is done, there's a button to let the administrator return to the Administrators Page. Note that JSON is used to pass the user name from PHP to JavaScript and then it gets POSTed back to PHP by the form in this script as well as to the Administrator page. This keeps the user logged in so he need not login constantly as he uses various editing scripts.

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=windows-1252">
<TITLE>Change Users Password</TITLE>
<meta name="description" content="Change Users Password">
<meta name="keywords" content="Change Users Password,php,javascript, dhtml, DHTML">
<style type="text/css">
BODY {margin-left:0; margin-right:0; margin-top:0;text-align:left}
p, li {font:13px Verdana; color:black;text-align:left}
h1 {font:bold 28px Verdana; color:black;text-align:center}
h2 {font:bold 24px Verdana;text-align:center}
h3 {font:bold 15px Verdana;}
</style>
</head><body>

<?php

include_once"configure.php";

$U=$_POST['username'];
$A=$_POST['password'];

if (!isset($U)) {
echo '<script language="javascript">alert("Please login.");
window.location="login.php"; </script>';
}

if (isset($A)) {
mysql_query("UPDATE members SET users_password = '$A' WHERE username = '$U'");
$rc = mysql_affected_rows();
if ($rc>0){unset($A);
echo '<script language="javascript">alert("The change was successfully accomplished.");</script>';}
else{echo '<script language="javascript">alert("The change was unsuccessful.");</script>';}
}

mysql_close();
?>

<h1>Change Users Password</h1>

<div id='pw' style='position:absolute;top:150px;left:200px;width:300px'><table style="background-color:#8aa;border-color:#00f" border='6' cellspacing=0 cellpadding=6><tr><td>
<form id='formpw' name="formpw" method="post" action="change-users-password.php" onsubmit="return validatepassword()">
<label for="Users Password"><b>Users Password:    </b><input type="password" name="password" size="20" maxlength="20" value=""></label><br><br>
<input type="hidden" name="username" value=" ">
<input type="submit" value="Change Users Password"><br><br>
<input type="reset" value="Reset"></form></td></tr></table>

<br><br>

<form name="MyForm" method="POST" action="administrator-page.php">
<input type="button" value="Return to Administrator Page" onclick="goback()">
<input type="hidden" name="username" value=" ">
</form>
</div>

<script language="javascript">

function goback(){
var u = <?php echo json_encode($U); ?>;
document.MyForm.username.value=u;
document.MyForm.submit();}

function validatepassword(){

var u = <?php echo json_encode($U); ?>;
document.formpw.username.value=u;

var ck_password = /^[A-Za-z0-9!@#$%^&*()_]{4,20}$/;
if (document.formpw.password.value.search(ck_password)==-1)
{alert("Please only enter letters, numbers and these for password: !@#$%^&*()_");return false}

return true;}

</script>

</body></html>