Search the Community
Showing results for tags 'pdo encryption'.
I am new at coding, and at PHP. I am attempting to update a password. I have inserted my code, including comments and mark throughs. I am at the point where the database updates, however, it does not produce a new $salt variable, and it does not encrypt using sha1 again, either. It is just putting $salt = 0 and $pwd = the literal new password. Also, the code has been changed SO many times to try to force the new encryption, it is probably very messy, I apologize ahead of time! Again, any help is appreciated!

```php
<?php
require('includes/connection.inc.php');
$OK = false;
$done = false;
//db connection
$conn = dbConnect('write', 'pdo');
if (isset($_GET['user_id']) && !$_POST) {
    //prepare query
    $sql = 'SELECT user_id, salt, pwd FROM lr1 WHERE user_id=?';
    $stmt = $conn->prepare($sql);
    //bind the results (the SELECT returns three columns: 1=user_id, 2=salt, 3=pwd)
    $stmt->bindColumn(1, $user_id);
    $stmt->bindColumn(2, $salt);
    $stmt->bindColumn(3, $password);
    //execute
    $OK = $stmt->execute(array($_GET['user_id']));
    $stmt->fetch();
}
//if form is submitted, update record
if (isset($_POST['update'])) {
    $password = trim($_POST['pwd']);
    $retyped = trim($_POST['conf_pwd']);
    require_once('classes/CheckPassword.php');
    $errors = array();
    //min password length set below
    $checkPwd = new Ps2_CheckPassword($password, 10);
    $checkPwd->requireMixedCase();
    $checkPwd->requireNumbers(2);
    $checkPwd->requireSymbols();
    $passwordOK = $checkPwd->check();
    if (!$passwordOK) {
        $errors = array_merge($errors, $checkPwd->getErrors());
    }
    if ($password != $retyped) {
        $errors[] = "Your passwords don't match.";
    }
    if (!$errors) {
        // encrypt the password and salt with SHA1
        //include the connection file
        $conn=dbConnect('write', 'pdo');
        //create a salt using the current timestamp
        //encrypt pwd and salt
        $salt = time();
        $pwd = sha1($password . $salt);
        //original had salt=?, pwd=?
        $sql ='UPDATE lr1 SET salt=?,pwd=? WHERE user_id=?';
        $stmt = $conn->prepare($sql);
        //$stmt->bindColumn(3, $salt);
        //$stmt->bindColumn(4, $pwd);
        //$stmt->bindParam(':user_id', $user_id);
        $done = $stmt->execute(array($_POST['salt'], $_POST['pwd'], $_POST['user_id']));
        // execute query by passing array of variables
        if($stmt->rowCount() == 1) {
            $success = "The username has been updated. You may now log in.";
        } else {
            $errors[] = 'Sorry, there was a problem with the database.';
        }
    }
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Update Password</title>
<link href="portal.css" rel="stylesheet" type="text/css">
</head>
<body>
<img src="images/dcanew.jpg" alt="dca header image" class="imgheader" />
<div id="wrapper">
<br><br>
<form id="form1" method="post" action="">
<?php
if (isset($success)){
    echo "<p>$success</p>";
} elseif (isset($errors) && !empty($errors)) {
    echo '<ul>';
    foreach ($errors as $error) {
        echo "<li>$error</li>";
    }
    echo '</ul>';
}
?>
<input name="user_id" type="hidden" value="<?php echo $user_id; ?>">
<p>
<label for="pwd">New Password: </label>
<input type="password" name="pwd" id="pwd" />
</p>
<p>
<label for="conf_pwd">Re-enter New Password:</label>
<input type="password" name="conf_pwd" id="conf_pwd">
</p>
<p>
<input name="update" type="submit" id="update" value="Update Password" />
</p>
</form>
```

{more on page, but not included here}
- 5 replies

Tagged with: sha1 encryption, update password (and 1 more)
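
In the posted code the UPDATE is executed with `$_POST['salt']` and `$_POST['pwd']` rather than the computed `$salt` and `$pwd`, which matches the stored salt of 0 and the plain-text password. The following added example (not part of the original post) binds the computed value and uses PHP's built-in `password_hash()`/`password_verify()` in place of `sha1()` with a `time()` salt. It assumes the `pdo_sqlite` extension, a constructed in-memory copy of `lr1` without the `salt` column, and a `$userId` taken from the authenticated session rather than a hidden form field.

```php
<?php
// Added example: not the poster's code. Table and column names follow the post;
// the in-memory SQLite database and the sample row are constructed for the demo.

function updatePassword(PDO $conn, int $userId, string $newPassword): bool
{
    // password_hash() generates a random per-password salt and embeds it in
    // the returned string, so no separate salt column is needed.
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);

    $stmt = $conn->prepare('UPDATE lr1 SET pwd = ? WHERE user_id = ?');
    // Bind the computed $hash, never the raw form value.
    $stmt->execute([$hash, $userId]);
    return $stmt->rowCount() === 1;
}

function checkPassword(PDO $conn, int $userId, string $candidate): bool
{
    $stmt = $conn->prepare('SELECT pwd FROM lr1 WHERE user_id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();
    // fetchColumn() returns false when no row matches.
    return is_string($stored) && password_verify($candidate, $stored);
}

// Constructed demo data (assumes the pdo_sqlite extension is available).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE lr1 (user_id INTEGER PRIMARY KEY, pwd TEXT NOT NULL)');
$conn->exec("INSERT INTO lr1 (user_id, pwd) VALUES (1, 'placeholder')");

$newPassword = 'Constructed-Example-Pass12!';
var_dump(updatePassword($conn, 1, $newPassword));    // existing user
var_dump(checkPassword($conn, 1, $newPassword));     // matching password
var_dump(checkPassword($conn, 1, 'wrong password')); // non-matching password
var_dump(updatePassword($conn, 99, $newPassword));   // unknown user_id

// The stored value is a hash string, not the literal password.
$stored = $conn->query('SELECT pwd FROM lr1 WHERE user_id = 1')->fetchColumn();
var_dump($stored !== $newPassword);
```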