Salt and MD5 Help


Joseph Witchard

Can anyone tell me what's wrong with my code?

 

<?php

  $user_id = $_GET['user_id'];

  // start the session
  
  session_name('pickles');
  session_set_cookie_params(900);
  session_start();
  
  
  
  // verify session
  
  if (empty($_SESSION) || $_SESSION['news'] != true)
  {
  
    // redirect them
    
    header("Location: login page");
    
    exit;
    
  }
  
  // require the connection and salt settings
  
  require_once("path_to_connection_and_update_code");
  
  require_once("path_to_salt_code");
  
  // connect to the database
  
  $conn = path_to_connection_and_update_code_function;
  
  
  
  // write the query
  
  $query1 = "SELECT `user_id`, `username`, `pwd`, `user_email` FROM `users` WHERE `user_id` = ? LIMIT 1";
  
  // prepare the statement
  
  if ($stmt1 = $conn->prepare($query1))
  {
  
    // bind the parameters
    
    $stmt1->bind_param('i', $user_id);
    
    // execute
    
    if ($stmt1->execute())
    {
    
      $stmt1->bind_result($id, $username, $pwd, $email);
      
      $stmt1->fetch();
      
      $stmt1->close();
      
    }
    
  }
  
  // process the form
  
  if (array_key_exists('submit', $_POST) && !empty($_POST['submit']))
  {
  
    // create an array for missing fields
    
    $missing = array();
    
    // check to see if there are any missing fields
    
    foreach ($_POST as $key => $value)
    {
    
      if (empty($key))
      {
      
        $missing[] = $key;
        
        exit;
        
      }
      
    }
    
    $email1 = $_POST['email'];
    $pwd1 = md5($salt . md5($_POST['pwd1'] . $salt));
    $pwd2 = md5($salt . md5($_POST['pwd2'] . $salt));
    
    // check to see that the passwords are identical
    
    if ($pwd1 !== $pwd2)
    {
      $notIdentical = false;
      
      exit;
      
    }
    
    // if all input is clear, let's go
    
    if (empty($missing) && $pwd1 === $pwd2)
    {
    
      // missing is no longer needed
      
      unset($missing);
      
      $query2 = "UPDATE `users` SET `pwd` = ? WHERE `user_id` = ?";
      
      if ($stmt2 = $conn->prepare($query2))
      {
      
      $stmt2->bind_param('si', $newPwd, $id2);
      
      $newPwd = $pwd1;
      $id2 = $user_id;
      
      $stmt2->execute();
      
      $stmt2->close();
      
      header("Location: different page");
      
      }
      
    }
    
  }
  

  
?>

 

What I'm trying to do is update a user's password with an encrypted password (as evidenced by the salt and MD5 function use). However, the password never seems to update. Every time I log into phpMyAdmin and check, the password is the same as it always was. No encryption, and no edits to the original word.

https://forums.phpfreaks.com/topic/129855-salt-and-md5-help/

UPDATE `users` SET `pwd` = ? WHERE `user_id` = ?

 

If you're referring to that as a syntax error, it's not. That's how the MySQL Improved extension works.

 

And that's the thing. I'm not getting any errors. The code seems to work fine, but when I go into my database to check, nothing has been updated.

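An added example, not part of the original thread: one way to write the update so that a statement which executes but changes no row is reported instead of passing silently, using PHP's password_hash() in place of the salted MD5. The function name update_password, a connected mysqli object passed in as $conn, and a `pwd` column wide enough for the hash (for example VARCHAR(255)) are assumptions.

```php
<?php
// Added example, not the poster's code. Assumptions: the `users` table from
// the post, a connected mysqli object, and a `pwd` column of VARCHAR(255).

// Make mysqli throw on prepare/execute failures instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Hypothetical helper: validate the two password fields, hash the password,
 * update the row, and report whether a row was actually changed.
 *
 * Returns [bool $ok, string $message].
 */
function update_password(mysqli $conn, int $userId, string $pwd1, string $pwd2): array
{
    // Test the submitted values (not the array keys) for emptiness.
    if ($pwd1 === '' || $pwd2 === '') {
        return [false, 'Both password fields are required.'];
    }

    // Compare the plaintext entries before hashing them.
    if ($pwd1 !== $pwd2) {
        return [false, 'The passwords do not match.'];
    }

    // password_hash() generates a random per-password salt and stores it
    // inside the returned string, so no separate $salt is needed.
    $hash = password_hash($pwd1, PASSWORD_DEFAULT);

    $stmt = $conn->prepare('UPDATE `users` SET `pwd` = ? WHERE `user_id` = ?');
    $stmt->bind_param('si', $hash, $userId);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();

    // execute() can succeed while matching no row, for instance when
    // user_id did not survive the form submission and was bound as 0.
    // The hash differs on every call, so 0 rows here means "no match".
    if ($rows !== 1) {
        return [false, "No row was updated for user_id {$userId}."];
    }

    return [true, 'Password updated.'];
}
```

At login, a hash stored this way is checked with password_verify($submitted, $storedHash) rather than by re-hashing the input and comparing strings.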
