Hi All,
I'm trying to establish a change password script but the SHA256 hash is giving me issues. I get "An error has occured and your password was not reset."; however, when I go to check the DB, I've notice the password hash has been changed along with the old password. So both the new/old password is no good, forcing me to delete the username. Any way I can correct this?
Thanks,
<?php
if ($username && $userid) {
if($_POST['resetpass']){
//get the form data
$pass = mysql_real_escape_string(htmlentities($_POST['pass']));
$newpass = mysql_real_escape_string(htmlentities($_POST['newpass']));
$confirmpass = mysql_real_escape_string(htmlentities($_POST['confirmpass']));
//make sure all data was entered
if ($pass){
if ($newpass){
if ($confirmpass){
if ($newpass === $confirmpass) {
$password = hash("sha256",$password);
//include login info
include ('connect.php');
//connect
$connection =mysql_connect($db_host, $db_user, $db_pass);
if(!$connection){
die ("Could not connect to database: <br />".mysql_error());
}
//select database
$db_select = mysql_select_db($db_database);
if (!$db_select){
die ("Could not select to database: <br />". mysql_error());
}
//make sure the current password is correct
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
$numrows = mysql_num_rows($query);
if ($numrows == 1){
//encrypt new pass
$newpassword = hash("sha256",$password);
//update db with new pass
mysql_query("UPDATE users SET password='$newpassword' WHERE username='$username'");
//make sure password was changed
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$newpassword'");
$numrows = mysql_num_rows($query);
if (numrows == 1){
echo "Your password has been reset.";
}
else
echo "An error has occured and your password was not reset.";
}
else
echo "Your current password is incorrect.";
mysql_close();
}
else
echo "Your new password did not match.";
}
else
echo "You must confirm your new password.";
}
else
echo "You must enter your new password.";
}
else
echo "You must enter your current password.";
}
echo "<form action='./resetpass.php' method='post'>
<table>
<tr>
<td>Current Password:</td>
<td><input type='text' name='pass' /></td>
</tr>
<tr>
<td>New Password:</td>
<td><input type='password' name='newpass' /></td>
</tr>
<tr>
<td>Confirm Password:</td>
<td><input type='password' name='confirmpass' /></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='resetpass' value='Reset Password' /></td>
</tr>
</table>
</form>";
}
else
echo "Please login to access this page. <a href='./login.php' Login here</a>";
?>