Hashing Error

codingdreamer · July 26, 2013

Hi All,

I'm trying to establish a change password script but the SHA256 hash is giving me issues. I get "An error has occured and your password was not reset."; however, when I go to check the DB, I've notice the password hash has been changed along with the old password. So both the new/old password is no good, forcing me to delete the username. Any way I can correct this?

Thanks,

<?php
	
		if ($username && $userid) {
			
			if($_POST['resetpass']){
				//get the form data
				$pass = mysql_real_escape_string(htmlentities($_POST['pass']));
				$newpass = mysql_real_escape_string(htmlentities($_POST['newpass']));
				$confirmpass = mysql_real_escape_string(htmlentities($_POST['confirmpass']));
				
				//make sure all data was entered
				if ($pass){
					if ($newpass){
						if ($confirmpass){
							if ($newpass === $confirmpass) {
							$password = hash("sha256",$password);
								
							//include login info
				include ('connect.php');
				
				//connect
				$connection =mysql_connect($db_host, $db_user, $db_pass);
				if(!$connection){
					die ("Could not connect to database: <br />".mysql_error());
				}
				
				//select database
				$db_select = mysql_select_db($db_database);
				if (!$db_select){
					die ("Could not select to database: <br />". mysql_error());
				}
												
								//make sure the current password is correct
								$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
								$numrows = mysql_num_rows($query);
								if ($numrows == 1){
									//encrypt new pass
									$newpassword = hash("sha256",$password);
									
									//update db with new pass
									mysql_query("UPDATE users SET password='$newpassword' WHERE username='$username'");
									
									//make sure password was changed
									$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$newpassword'");
									$numrows = mysql_num_rows($query);
									if (numrows == 1){
										echo "Your password has been reset.";
									}
									else
										echo "An error has occured and your password was not reset.";
					
									
								}
								else
									echo "Your current password is incorrect.";
								
								mysql_close();
							}
							else
								echo "Your new password did not match.";
						
						}
						else
							echo "You must confirm your new password.";
					
					}
					else
						echo "You must enter your new password.";
				
				}
				else
					echo "You must enter your current password.";
			}
			echo "<form action='./resetpass.php' method='post'>
			<table>
			<tr>
				<td>Current Password:</td>
				<td><input type='text' name='pass' /></td>
			</tr>
			<tr>
				<td>New Password:</td>
				<td><input type='password' name='newpass' /></td>
			</tr>
			<tr>
				<td>Confirm Password:</td>
				<td><input type='password' name='confirmpass' /></td>
			</tr>
			<tr>
				<td></td>
				<td><input type='submit' name='resetpass' value='Reset Password' /></td>
			</tr>
			</table>
			</form>";
		}
		else
			echo "Please login to access this page. <a href='./login.php' Login here</a>";
	
?>

requinix · July 26, 2013

Open up your php.ini and change the settings:

error_reporting = -1
display_errors = on

Then restart your server and run the script. You'll get a warning message pointing you to the problem.

codingdreamer · July 26, 2013

Open up your php.ini and change the settings:
error_reporting = -1
display_errors = on
Then restart your server and run the script. You'll get a warning message pointing you to the problem.

Genius. Pure Genius. Thanks!

Sign In

Hashing Error

Recommended Posts

codingdreamer

Link to comment

Share on other sites

requinix

Link to comment

Share on other sites

codingdreamer

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information