Jump to content

A Question About Password Reset.

mostafatalebi

By mostafatalebi
in PHP Coding Help

 Share

Recommended Posts

mostafatalebi Regular Member

mostafatalebi

Posted
Posted

Hello everybody. I want ask a php programmer that whether or not my method for changing an already-logged in user is true or not.

  1. When the user logs in his username is saved in a $_SESSION.
  2. When user clicks on the change password link to be directed toward the edit_password page his/her id is queried using his $_SESSION. an example would be something Like this: ("SELECT id FROM tableName WHERE username=?)
  3. then I go on: bind_param(), execute(), bind_result($id), fetch()
  4. And then if $id != 0
  5. "UPDATE tableName SET password WHERE id=?)
  6. and again like above doing mysqli steps.

 

 

is my method true? but it doesn't work, it does nothing, neither error nor working. :(

Link to comment
Share on other sites
mostafatalebi Regular Member

mostafatalebi

Posted
  • Author
Posted

Here is the password-change code. In the login page a session is saved storing the username.

 

<?php
session_start();
mysqli_report(MYSQLI_REPORT_ERROR);
// Default Connections
include("config/db.php");
include("config/pass_config.php");
// Default Variable
$form['old_password'] = "";$form['password'] = "";
$alert['main'] = "";
$alert['old_password'] = "";$alert['password'] = "";
if(isset($_POST['submit']))// this is the main if statement
{
      		    if($_POST['old_password'] == "" || $_POST['password'] == "") // this if is for form validation
              		 {
                           if($_POST['old_password'] == "")
                               {
                                       $alert['old_password'] = "Required";
                               }
                           if($_POST['password'] == "")
                               {
                                       $alert['password'] = "Required";
                               }
                               $alert['main'] = "Please complete the form correctly.";
                               $form['old_password'] = $_POST['old_password'];
                               $form['password'] = $_POST['password'];
                               include("view/password_view.php"); // this renders styled page
               }// form validation
               else// this means that all fields are working and now we need to connect the php engine to the database
               {
                                                                                           $form['old_password'] = htmlentities($_POST['old_password']);
                                                                                           $form['password'] = htmlentities($_POST['password']);
                                                                                           $currentUser = $_SESSION['username'];

                                                                                           // this is the if of database connect
                                                                                           if ($connect = $db->prepare("SELECT id FROM member WHERE user = ? "))
                                                                                      	    {
                                                                                                       $connect->bind_param("s", $_SESSION['username']);
                                                                                                       $connect->execute();
                                                                                                       $connect->bind_result($id);
                                                                                                       $connect->fetch();
                                                                                           if($id)
                                                                                          	 {
                                                                                                           $connect->close();
                                                                                                           // add session variables
                                                                                                           $_SESSION['id'] = $id;
                                                                                                           if($connect = $db->prepare("SELECT pass FROM member WHERE id=?"))
                                                                                                           {
                                                                                                                   $connect->bind_param("i", $_SESSION['id']);
                                                                                                                   $connect->execute();
                                                                                                                   $connect->bind_result($password_change);
                                                                                                                   if(md5($form['old_password'] . $comb ) == $password_change)
                                                                                                                   {
                                                                                                          				    if($connect = $db->prepare("UPDATE member SET pass = ? WHERE id =?"))
                                                                                                                              {
                                                                                                                                 $connect->bind_param("si", md5($form['password'] . $comb),$_SESSION['id']);
                                                                                                                                 $connect->execute();
                                                                                                                                 $connect->close();
                                                                                                                                 header("Location: member.php?passwordChanged"); // SUCESSFUL UPDATION of PASSWORD
                                                                                                                              }
                                                                                                                              else
                                                                                                                  		    {
                                                                                                                                  echo $alert['main'] = "Updating password failed.";
                                                                                                                              }
                                                                                                                   }
                                                                                                                   else
                                                                                                                   {
                                                                                                          				   echo $alert['main'] = "Retreiving the old password failed.";
                                                                                                                   }
                                                                                                           }
                                                                                                           else
                                                                                                           {
                                                                                                           echo $alert['main'] = "Password incorrect, or the connection has not been established.";    
                                                                                                           }
                                                                                           header("Location: member.php?userLogin");
                                                                                      	      }
                                                                                           else
                                                                                           {
                                                                                               echo $alert['main'] = "User not found.";    
                                                                                           }
                                                                                       }

                                                                                       // this is the else of database connect
                                                                               else
                                                                                       {
                                                                                           $alert['main'] =  "No connection established. Please try in a few minutes.";
                                                                                           include ("view/password_view.php"); // this is renders stylistic page
                                                                                       }

               }// this is else form validation
}
else// this is the main else statement
{
   include("view/password_view.php");
}

Link to comment
Share on other sites
mostafatalebi Regular Member

mostafatalebi

Posted
  • Author
Posted

Here is the password-change code. In the login page a session is saved storing the username.

 

<?php
session_start();
mysqli_report(MYSQLI_REPORT_ERROR);
// Default Connections
include("config/db.php");
include("config/pass_config.php");
// Default Variable
$form['old_password'] = "";$form['password'] = "";
$alert['main'] = "";
$alert['old_password'] = "";$alert['password'] = "";
if(isset($_POST['submit']))// this is the main if statement
{
	 if($_POST['old_password'] == "" || $_POST['password'] == "") // this if is for form validation
	 {
if($_POST['old_password'] == "")
{
$alert['old_password'] = "Required";
}
if($_POST['password'] == "")
{
$alert['password'] = "Required";
}
$alert['main'] = "Please complete the form correctly.";
$form['old_password'] = $_POST['old_password'];
$form['password'] = $_POST['password'];
include("view/password_view.php"); // this renders styled page
}// form validation
else// this means that all fields are working and now we need to connect the php engine to the database
{
$form['old_password'] = htmlentities($_POST['old_password']);
$form['password'] = htmlentities($_POST['password']);
$currentUser = $_SESSION['username'];

// this is the if of database connect
if ($connect = $db->prepare("SELECT id FROM member WHERE user = ? "))
 {
$connect->bind_param("s", $_SESSION['username']);
$connect->execute();
$connect->bind_result($id);
$connect->fetch();
if($id)
 {
$connect->close();
// add session variables
$_SESSION['id'] = $id;
if($connect = $db->prepare("SELECT pass FROM member WHERE id=?"))
{
$connect->bind_param("i", $_SESSION['id']);
$connect->execute();
$connect->bind_result($password_change);
if(md5($form['old_password'] . $comb ) == $password_change)
{
			 if($connect = $db->prepare("UPDATE member SET pass = ? WHERE id =?"))
{
$connect->bind_param("si", md5($form['password'] . $comb),$_SESSION['id']);
$connect->execute();
$connect->close();
header("Location: member.php?passwordChanged"); // SUCESSFUL UPDATION of PASSWORD
}
else
	 {
echo $alert['main'] = "Updating password failed.";
}
}
else
{
			 echo $alert['main'] = "Retreiving the old password failed.";
}
}
else
{
echo $alert['main'] = "Password incorrect, or the connection has not been established.";
}
header("Location: member.php?userLogin");
 }
else
{
echo $alert['main'] = "User not found.";
}
}

// this is the else of database connect
else
{
$alert['main'] = "No connection established. Please try in a few minutes.";
include ("view/password_view.php"); // this is renders stylistic page
}

}// this is else form validation
}
else// this is the main else statement
{
include("view/password_view.php");
}

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.