Jump to content

A problem with the code

sareea

By sareea
in PHP Coding Help

 Share

Recommended Posts

sareea Newbie

sareea

Posted
Posted

Hello,

I have in my script , a page called Account Details , and there is an option there to change the password .

And to change it i must put the current password and the new password.

My problem is that it doesn't recognize that i inserted the correct current password and it still says " you must add the correct current password ... "

 

Here is the code , can you please check if it is the code or the SQL syntaxes who causes the problem ?

 

if($act == "updatePassword"){
//Update password
$oldPass = hash("sha256", mysql_real_escape_string($_POST["currentPassword"]));
$newPass = mysql_real_escape_string($_POST["newPassword"]);
$newPassConfirm = mysql_real_escape_string($_POST["newPassword2"]);

//If hash $oldPass is the same as the DB already hashed password continue you with the password change
if($oldPass == $hashedPass){
//Check if new password is valid
if($newPass != "" && strlen($newPass) > 6){
//Change the password only if $newPass == $newPassConfirm
if($newPass == $newPassConfirm){
//Update hashed password
$newHashedPass = hash("sha256", $newPass.$salt);
$passchangeSuccess = mysql_query("UPDATE `webUsers` SET `pass` = '".$newHashedPass."' WHERE `id` = '".$userId."'");
if($passchangeSuccess){
$goodMessage = "Password successfully changed.";
}else{
$returnError = "Database Failure - Unable to change password";
}
}else if($newPass != $newPassConfirm){
$returnError = "The \"New Password\" and \"New Password Repeat\" fields must match";
}
}else{
$returnError = "Your new password is not valid, Must be longer then 6 characters";
}

}else if($oldPass != $hashedPass){
//Typed in password dosent match DB password
$returnError = "You must type in the correct current password before you can set a new password.";
}
}

 

And this is the input code ( html code )

 

<b><u>Change Password</u></b><br/>
<form action="/accountdetails.php" method="post"><input type="hidden" name="act" value="updatePassword">
<table>
<tr><td>Current Password: </td><td><input type="password" name="currentPassword"></td></tr>
<tr><td>New Password: </td><td><input type="password" name="newPassword"></td></tr>
<tr><td>New Password Repeat: </td><td><input type="password" name="newPassword2"></td></tr>
<tr><td>Authorize Pin: </td><td><input type="password" name="authPin" size="4" maxlength="4"></td></tr>
</table>
<span style="text-decoration: underline;">(You will be redirected to the login screen upon success)</span> <br />
<input type="submit" value="Update Password Settings"></form>
<br />
<br />

 

I think it is because that $hashedPass is not identified ... right ?

 

What should i do ?

Thanks a lot for the help !

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.