Jump to content

A problem with the code

sareea

By sareea
in PHP Coding Help

Recommended Posts

sareea Newbie

sareea

Posted
Posted

Hello,

I have in my script , a page called Account Details , and there is an option there to change the password .

And to change it i must put the current password and the new password.

My problem is that it doesn't recognize that i inserted the correct current password and it still says " you must add the correct current password ... "

 

Here is the code , can you please check if it is the code or the SQL syntaxes who causes the problem ?

 

if($act == "updatePassword"){
//Update password
$oldPass = hash("sha256", mysql_real_escape_string($_POST["currentPassword"]));
$newPass = mysql_real_escape_string($_POST["newPassword"]);
$newPassConfirm = mysql_real_escape_string($_POST["newPassword2"]);

//If hash $oldPass is the same as the DB already hashed password continue you with the password change
if($oldPass == $hashedPass){
//Check if new password is valid
if($newPass != "" && strlen($newPass) > 6){
//Change the password only if $newPass == $newPassConfirm
if($newPass == $newPassConfirm){
//Update hashed password
$newHashedPass = hash("sha256", $newPass.$salt);
$passchangeSuccess = mysql_query("UPDATE `webUsers` SET `pass` = '".$newHashedPass."' WHERE `id` = '".$userId."'");
if($passchangeSuccess){
$goodMessage = "Password successfully changed.";
}else{
$returnError = "Database Failure - Unable to change password";
}
}else if($newPass != $newPassConfirm){
$returnError = "The \"New Password\" and \"New Password Repeat\" fields must match";
}
}else{
$returnError = "Your new password is not valid, Must be longer then 6 characters";
}

}else if($oldPass != $hashedPass){
//Typed in password dosent match DB password
$returnError = "You must type in the correct current password before you can set a new password.";
}
}

 

And this is the input code ( html code )

 

<b><u>Change Password</u></b><br/>
<form action="/accountdetails.php" method="post"><input type="hidden" name="act" value="updatePassword">
<table>
<tr><td>Current Password: </td><td><input type="password" name="currentPassword"></td></tr>
<tr><td>New Password: </td><td><input type="password" name="newPassword"></td></tr>
<tr><td>New Password Repeat: </td><td><input type="password" name="newPassword2"></td></tr>
<tr><td>Authorize Pin: </td><td><input type="password" name="authPin" size="4" maxlength="4"></td></tr>
</table>
<span style="text-decoration: underline;">(You will be redirected to the login screen upon success)</span> <br />
<input type="submit" value="Update Password Settings"></form>
<br />
<br />

 

I think it is because that $hashedPass is not identified ... right ?

 

What should i do ?

Thanks a lot for the help !

Link to comment
https://forums.phpfreaks.com/topic/246254-a-problem-with-the-code/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.