
Query about how to retrieve a password from the database and compare to the one the user has entered


Go to solution Solved by Paul_Withers,


Hi Jazzman, I have successfully allowed the user to log in and pass all the session variables. However, my changepasswordcheck.php file has stopped working. The script runs, says the password has been changed, but neither the password nor the salt_password field is updated.

 

Here is what I got

<?php

session_start();
error_reporting(E_ALL);
ini_set('display_errors', '1');

require( 'database.php' );

include('includes/overall/header.php');

$username = $_SESSION['loggedinuser'];
$password_again = mysqli_real_escape_string($con, md5( $_POST['password_again']));

//If I delete the line below the script does not run

$password = mysqli_real_escape_string($con, md5( $_POST['password']));

$salt = md5(uniqid(rand(), true));
$pass = md5($_POST['password'].$salt,true);

if (isset($password, $password_again)) {

    if( strlen( $password ) < 8 )
    {
        echo "Password Must Be 8 or More Characters.";
    }
    elseif ( strlen( $password_again ) < 8 )
    {
        echo "Password again Must Be 8 or More Characters.";
    }
    elseif ($password !== $password_again)
    {
        echo "Password and Password again must match.";
    }
    else {

        require( 'database.php' );

        // Define a query to run
        $query = "UPDATE `user` SET `password` = '$pass' AND `salt_password` = '$salt' WHERE `username` = '$username'";

        // Query the database
        $result = mysqli_query($con,$query);

        // Check if the query failed
        if( !$result )
        {
            die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con));
        }
        else {
            echo 'Password has been changed';
        }
    }
}
include('includes/overall/footer.php');

// Close the connection 
mysqli_close($con); 
?>

Thanks for your help again :)

Just because an update query runs without any errors doesn't mean that it actually updated the row, if the WHERE clause is false. You should also be testing if the number of rows updated is greater than zero.

 

To debug the problem of why the update query isn't updating the data, have you echoed the $query variable so that you know it contains what you expect?

  • Solution

Thanks Jacques

$query = "UPDATE `user` SET `password` = '$pass', `salt_password` = '$salt' WHERE `username` = '$username'";

is the correct query

You need to set the second parameter of md5() hash function to false rather than true (or you could omit it entirely).

For more information, check out the manual of the function.

$pass = md5($_POST['password'].$salt,true);

// must be

$pass = md5($_POST['password'].$salt,false);

// or

$pass = md5($_POST['password'].$salt);

Your update statement is now correct.
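
An added example, not code from any poster in this thread: the same change-password and login check written with password_hash() and password_verify() in place of salted MD5, a prepared statement in place of string interpolation, and the row-count test suggested above. It assumes PDO with an in-memory SQLite database standing in for the thread's MySQL connection, a `user` table without the salt_password column, and the hypothetical function names change_password and check_login.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: validate the raw input, hash it, update through a
// prepared statement, and confirm that a row was actually changed.
function change_password(PDO $db, string $username, string $new, string $again): string
{
    if (strlen($new) < 8) {          // length check on the raw input, not on a hash
        return 'Password must be 8 or more characters.';
    }
    if ($new !== $again) {
        return 'Password and password again must match.';
    }
    // password_hash() generates a random salt and embeds it in the returned
    // string, so no separate salt column is needed.
    $hash = password_hash($new, PASSWORD_DEFAULT);

    $stmt = $db->prepare('UPDATE user SET password = :hash WHERE username = :username');
    $stmt->execute([':hash' => $hash, ':username' => $username]);

    // A query can run without error and still match no row.
    return $stmt->rowCount() === 1
        ? 'Password has been changed'
        : 'No matching user; nothing was updated.';
}

// Hypothetical helper: fetch the stored hash and compare it to the entered password.
function check_login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT password FROM user WHERE username = :username');
    $stmt->execute([':username' => $username]);
    $hash = $stmt->fetchColumn();    // false when the user does not exist
    return is_string($hash) && password_verify($password, $hash);
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT NOT NULL)');
$db->exec("INSERT INTO user (username, password) VALUES ('alice', '')");

echo change_password($db, 'alice', 'short', 'short'), PHP_EOL;
echo change_password($db, 'nobody', 'correct horse 1', 'correct horse 1'), PHP_EOL;
echo change_password($db, 'alice', 'correct horse 1', 'correct horse 1'), PHP_EOL;
var_dump(check_login($db, 'alice', 'correct horse 1'));
var_dump(check_login($db, 'alice', 'wrong password'));
```

With a MySQL connection the two SQL statements stay the same; the password column must be wide enough for the hash string (the PHP manual recommends 255 characters).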
