Jump to content

Hashing Error

codingdreamer

By codingdreamer
in PHP Coding Help

Recommended Posts

codingdreamer Newbie

codingdreamer

Posted
Posted

Hi All,

I'm trying to establish a change password script but the SHA256 hash is giving me issues. I get "An error has occured and your password was not reset.";  however, when I go to check the DB, I've notice the password hash has been changed along with the old password. So both the new/old password is no good, forcing me to delete the username. Any way I can correct this?

 

Thanks,

<?php
	
		if ($username && $userid) {
			
			if($_POST['resetpass']){
				//get the form data
				$pass = mysql_real_escape_string(htmlentities($_POST['pass']));
				$newpass = mysql_real_escape_string(htmlentities($_POST['newpass']));
				$confirmpass = mysql_real_escape_string(htmlentities($_POST['confirmpass']));
				
				//make sure all data was entered
				if ($pass){
					if ($newpass){
						if ($confirmpass){
							if ($newpass === $confirmpass) {
							$password = hash("sha256",$password);
								
							//include login info
				include ('connect.php');
				
				//connect
				$connection =mysql_connect($db_host, $db_user, $db_pass);
				if(!$connection){
					die ("Could not connect to database: <br />".mysql_error());
				}
				
				//select database
				$db_select = mysql_select_db($db_database);
				if (!$db_select){
					die ("Could not select to database: <br />". mysql_error());
				}
												
								//make sure the current password is correct
								$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
								$numrows = mysql_num_rows($query);
								if ($numrows == 1){
									//encrypt new pass
									$newpassword = hash("sha256",$password);
									
									//update db with new pass
									mysql_query("UPDATE users SET password='$newpassword' WHERE username='$username'");
									
									//make sure password was changed
									$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$newpassword'");
									$numrows = mysql_num_rows($query);
									if (numrows == 1){
										echo "Your password has been reset.";
									}
									else
										echo "An error has occured and your password was not reset.";
					
									
								}
								else
									echo "Your current password is incorrect.";
								
								mysql_close();
							}
							else
								echo "Your new password did not match.";
						
						}
						else
							echo "You must confirm your new password.";
					
					}
					else
						echo "You must enter your new password.";
				
				}
				else
					echo "You must enter your current password.";
			}
			echo "<form action='./resetpass.php' method='post'>
			<table>
			<tr>
				<td>Current Password:</td>
				<td><input type='text' name='pass' /></td>
			</tr>
			<tr>
				<td>New Password:</td>
				<td><input type='password' name='newpass' /></td>
			</tr>
			<tr>
				<td>Confirm Password:</td>
				<td><input type='password' name='confirmpass' /></td>
			</tr>
			<tr>
				<td></td>
				<td><input type='submit' name='resetpass' value='Reset Password' /></td>
			</tr>
			</table>
			</form>";
		}
		else
			echo "Please login to access this page. <a href='./login.php' Login here</a>";
	
?>
Link to comment
https://forums.phpfreaks.com/topic/280530-hashing-error/
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.