
Query about how to retrieve a password from the database and compare to the one the user has entered


Paul_Withers


Hi Jazzman, I have successfully allowed the user to log in and pass all the session variables. However, my changepasswordcheck.php file has stopped working. The script runs, says the password has been changed, but neither the password nor salt_password fields are updated.

 

Here is what I got

<?php

session_start();
error_reporting(E_ALL);
ini_set('display_errors', '1');

require( 'database.php' );

include('includes/overall/header.php');

$username = $_SESSION['loggedinuser'];
$password_again = mysqli_real_escape_string($con, md5( $_POST['password_again']));

//If I delete the line below the script does not run

$password = mysqli_real_escape_string($con, md5( $_POST['password']));

$salt = md5(uniqid(rand(), true));
$pass = md5($_POST['password'].$salt,true);

if	(isset($password, $password_again)) {
	
if( strlen( $password ) < 8 )
    {
        echo "Password Must Be 8 or More Characters.";
    }
elseif 
		( strlen( $password_again ) < 8 )
    {
        echo "Password again Must Be 8 or More Characters.";
    }
elseif
($password !== $password_again) 
    {
        echo "Password and Password again must match.";
    }
     else {

        require( 'database.php' );

// Define a query to run 
$query = "UPDATE `user` SET `password` = '$pass' AND `salt_password` = '$salt' WHERE `username` = '$username'"; 

// Query the database 
$result = mysqli_query($con,$query); 

// Check if the query failed 
if( !$result ) 
{ 
   die('There was a problem executing the query ('.$query.'):<br>('.mysqli_errno($con).') '.mysqli_error($con)); 
} 

else { 

	echo 'Password has been changed';
}    
}
}
include('includes/overall/footer.php');
        
// Close the connection 
mysqli_close($con); 
?>

Thanks for your help again :)


just because an update query runs without any errors, doesn't mean that it actually updated the row, if the WHERE clause is false. you should also be testing if the number of rows updated is greater than zero.

 

to debug the problem of why the update query isn't updating the data, have you echoed the $query variable so that you know it contains what you expect?


You need to set the second parameter of md5() hash function to false rather than true (or you could omit it entirely).

For more information, check out the manual of the function.

$pass = md5($_POST['password'].$salt,true);

// must be

$pass = md5($_POST['password'].$salt,false);

// or

$pass = md5($_POST['password'].$salt);

Your update statement is now correct.

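An added example, not code from any poster in this thread: the password change and the login comparison discussed above, written with password_hash()/password_verify() and prepared statements instead of salted MD5 and interpolated SQL, plus the rows-updated check suggested in the first reply. It assumes PHP 7.1+ with pdo_sqlite and uses a constructed in-memory table with the post's column names so it runs without a server; changePassword() and checkPassword() are hypothetical helper names, and with mysqli the matching check is $stmt->affected_rows.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for the thread's MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (username TEXT PRIMARY KEY, password TEXT, salt_password TEXT)');
$db->exec("INSERT INTO user VALUES ('paul', 'old-hash', 'old-salt')");

// Hypothetical helper: returns null on success, otherwise an error message.
function changePassword(PDO $db, string $username, string $new, string $again): ?string
{
    // Validate the raw input. An MD5 hex digest is always 32 characters,
    // so a length check on the hash can never fail.
    if (strlen($new) < 8) {
        return 'Password must be 8 or more characters.';
    }
    if ($new !== $again) {
        return 'Password and password again must match.';
    }
    // password_hash() creates its own salt and embeds it in the printable
    // result, so no separate salt value has to be generated or stored.
    $hash = password_hash($new, PASSWORD_DEFAULT);

    // Placeholders keep the values out of the SQL text. Columns in SET are
    // separated by commas; "a = x AND b = y" is a single boolean expression.
    $stmt = $db->prepare(
        'UPDATE user SET password = ?, salt_password = NULL WHERE username = ?'
    );
    $stmt->execute([$hash, $username]);

    // A query that ran without error may still have matched no row.
    if ($stmt->rowCount() !== 1) {
        return 'No row was updated for that username.';
    }
    return null;
}

// Login side: fetch the stored hash and let password_verify() do the comparison.
function checkPassword(PDO $db, string $username, string $entered): bool
{
    $stmt = $db->prepare('SELECT password FROM user WHERE username = ?');
    $stmt->execute([$username]);
    $stored = $stmt->fetchColumn();   // false when the username does not exist
    return is_string($stored) && password_verify($entered, $stored);
}

var_dump(changePassword($db, 'paul', 'short', 'short'));
var_dump(changePassword($db, 'nobody', 'correct horse', 'correct horse'));
var_dump(changePassword($db, 'paul', 'correct horse', 'correct horse'));
var_dump(checkPassword($db, 'paul', 'correct horse'));
```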

Archived

This topic is now archived and is closed to further replies.

