
MYSQLI PASSWORD RESET PROBLEMS


kayz100


Hi guys,

You have all really helped me. I am stuck on a php5, mysqli, ajax password reset from my mysqli table called table_users for field name usernames and set to varchar 255. I am having problems with this script and will appreciate any help please. I want the script to be able to validate user's email address from database before allowing user to change password. I have no idea if I should put MYSQLI_ASSOC.

//my php mysqli script

<?php //pchange.php
include_once("db_gupta.php");  // this is my database path

if(isset($_POST["table_users"]) && isset($_POST["User_pass1"]) && isset($_POST["User_pass2"])){
    $id = $_SESSION['userid'];
    $password = md5($hash_pass);
    $sql = "SELECT from table_users WHERE email='$email' AND password='$hash_pass' id='$id'";
    $sql = "UPDATE table_users SET password ='$hash_pass' WHERE id ='$id'";
    $query = mysqli_query($db_gupta, $sql);

    if(mysqli_affected_rows()>0)
        echo "Password Changed Successfully";
    else
        echo "Invalid ";
}
else
    echo "Invalid";
?>

 

//Main password ajax and html script

<script language="javascript">
function submitform() {
    var User_Id=document.getElementById("table_users").value.match("^\\S[0-9a-zA-Z.-]*$");
    var User_pass1=document.getElementById("User_pass1").value.match("^\\S[0-9a-zA-Z.-]*$");
    var User_pass2=document.getElementById("User_pass2").value.match("^\\S[0-9a-zA-Z.-]*$");
    document.getElementById("User_pass1").value="";
    document.getElementById("User_pass2").value="";

    if(User_Id==null || User_pass1==null) {
        alert("invalid user id/password");
        document.getElementById("err").innerHTML="invalid user id/password";
        return;
    }
    else if(User_pass2==null)
    {
        alert("invalid new password");
        document.getElementById("err").innerHTML="invalid new password";
        return;
    }
    else
    {
        var str="table_users=" + User_Id + "&User_pass1=" + User_pass1 + "&User_pass2=" + User_pass2;
        $.ajax({
            type: "POST",
            url: "pchange.php",
            data: str,
            success: function(output){
                alert( output );
                // show the server's response (the callback argument is "output")
                document.getElementById("err").innerHTML=output;
            }
        });
        return;
    }
}
</script>

<h2>Change Password</h2>
Email: <input id="table_users" name="User_Id" type="text" /><br />
Old Password: <input id="User_pass1" name="User_pass1" type="password" /><br />
New Password: <input id="User_pass2" name="User_pass2" type="password" /><br />
<input name="text" onclick="submitform();" type="button" value="Submit" />
<input name="text" type="reset" value="Reset" /><br />
<span id="err"></span>

 

Thanks once again.

 


The logic in the pchange.php file is flawed.

 

You are using variables that are not set in your queries ($hash_pass).

You aren't checking to make sure the record exists before changing the password.

You don't give any understandable feedback unless they have successfully changed their password.

You need to move away from MD5() hashing passwords and look into something more secure, blowfish() for example, or the phpass library.

Edited by PaulRyan
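
An added example (not code from either poster) of a pchange.php that addresses the four points in the reply above: every variable is set from the request or session, the record is looked up before the update, each failure path returns a readable message, and MD5 is replaced with a bcrypt (Blowfish-based) hash. It assumes PHP 5.5 or later for password_hash(), that db_gupta.php defines $db_gupta as a mysqli connection, that table_users has an integer id plus email and password columns with the password column already holding password_hash() output, and that login stores the user's id in $_SESSION['userid'].

```php
<?php // pchange.php (added example, not the original poster's code)
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
include_once("db_gupta.php"); // assumed to define $db_gupta as a mysqli connection

// Return a single message and stop, so every failure path gives feedback.
function finish($message) {
    echo $message;
    exit;
}

if (!isset($_SESSION['userid'])) {
    finish("You must be logged in to change your password.");
}
if (!isset($_POST["table_users"], $_POST["User_pass1"], $_POST["User_pass2"])) {
    finish("Email, old password and new password are all required.");
}

$id    = $_SESSION['userid'];
$email = trim($_POST["table_users"]);   // the form's email field
$old   = $_POST["User_pass1"];
$new   = $_POST["User_pass2"];

if (!filter_var($email, FILTER_VALIDATE_EMAIL) || $new === '') {
    finish("Enter a valid email address and a non-empty new password.");
}

// 1. Confirm the record exists: the email must belong to the logged-in user.
$stmt = mysqli_prepare($db_gupta, "SELECT password FROM table_users WHERE id = ? AND email = ?");
mysqli_stmt_bind_param($stmt, "is", $id, $email);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $storedHash);
$found = mysqli_stmt_fetch($stmt);      // true if a row matched, null if none
mysqli_stmt_close($stmt);

// 2. Check the old password against the stored hash (never compare it in SQL).
if (!$found || !password_verify($old, $storedHash)) {
    finish("Email or old password is incorrect.");
}

// 3. Store a bcrypt (Blowfish-based) hash of the new password.
$newHash = password_hash($new, PASSWORD_BCRYPT);
$stmt = mysqli_prepare($db_gupta, "UPDATE table_users SET password = ? WHERE id = ?");
mysqli_stmt_bind_param($stmt, "si", $newHash, $id);
mysqli_stmt_execute($stmt);
$changed = mysqli_stmt_affected_rows($stmt) === 1;
mysqli_stmt_close($stmt);

finish($changed ? "Password changed successfully." : "Password could not be changed.");
```

Rows that still hold MD5 hashes will fail password_verify() and need a separate migration.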