Jump to content

Hashing Error

codingdreamer

By codingdreamer
in PHP Coding Help

 Share
Go to solution Solved by requinix,

Recommended Posts

codingdreamer Newbie

codingdreamer

Posted
Posted

Hi All,

I'm trying to establish a change password script but the SHA256 hash is giving me issues. I get "An error has occured and your password was not reset.";  however, when I go to check the DB, I've notice the password hash has been changed along with the old password. So both the new/old password is no good, forcing me to delete the username. Any way I can correct this?

 

Thanks,

<?php
	
		if ($username && $userid) {
			
			if($_POST['resetpass']){
				//get the form data
				$pass = mysql_real_escape_string(htmlentities($_POST['pass']));
				$newpass = mysql_real_escape_string(htmlentities($_POST['newpass']));
				$confirmpass = mysql_real_escape_string(htmlentities($_POST['confirmpass']));
				
				//make sure all data was entered
				if ($pass){
					if ($newpass){
						if ($confirmpass){
							if ($newpass === $confirmpass) {
							$password = hash("sha256",$password);
								
							//include login info
				include ('connect.php');
				
				//connect
				$connection =mysql_connect($db_host, $db_user, $db_pass);
				if(!$connection){
					die ("Could not connect to database: <br />".mysql_error());
				}
				
				//select database
				$db_select = mysql_select_db($db_database);
				if (!$db_select){
					die ("Could not select to database: <br />". mysql_error());
				}
												
								//make sure the current password is correct
								$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
								$numrows = mysql_num_rows($query);
								if ($numrows == 1){
									//encrypt new pass
									$newpassword = hash("sha256",$password);
									
									//update db with new pass
									mysql_query("UPDATE users SET password='$newpassword' WHERE username='$username'");
									
									//make sure password was changed
									$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$newpassword'");
									$numrows = mysql_num_rows($query);
									if (numrows == 1){
										echo "Your password has been reset.";
									}
									else
										echo "An error has occured and your password was not reset.";
					
									
								}
								else
									echo "Your current password is incorrect.";
								
								mysql_close();
							}
							else
								echo "Your new password did not match.";
						
						}
						else
							echo "You must confirm your new password.";
					
					}
					else
						echo "You must enter your new password.";
				
				}
				else
					echo "You must enter your current password.";
			}
			echo "<form action='./resetpass.php' method='post'>
			<table>
			<tr>
				<td>Current Password:</td>
				<td><input type='text' name='pass' /></td>
			</tr>
			<tr>
				<td>New Password:</td>
				<td><input type='password' name='newpass' /></td>
			</tr>
			<tr>
				<td>Confirm Password:</td>
				<td><input type='password' name='confirmpass' /></td>
			</tr>
			<tr>
				<td></td>
				<td><input type='submit' name='resetpass' value='Reset Password' /></td>
			</tr>
			</table>
			</form>";
		}
		else
			echo "Please login to access this page. <a href='./login.php' Login here</a>";
	
?>
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.