Change Password PHP Issue

I am running the following code to try to update my current password in my database to the new one specified in the form that is being used to allow for password changes. I am entering the same passwords in both fields, so I don't understand why the error is occurring.

      <form method='post' action="changepasswordphp.php">

        <p align="center"><strong> Complete the form to change your password </strong> </p>
            <br/>
                <label><strong>Enter Old Password:</strong></label>                 
                <input name='oldpw' type='password' required='required'/>
            <br/>
            <br/>
                <label><strong>Enter New Password:</strong></label>
                <input name='newpw' type='password' required = 'required' />  
            <br/>
            <br/>
                <label><strong>Confirm New Password:</strong></label>               
                <input name='conpw' type='password' required = 'required' />
            <br/>
            <br/>
                <input type='submit' value='Submit' class ="submit" id="submit" />          
        </form>

    <?php
    $mysqli = new mysqli("localhost", "root", "DBPASS", "DBNAME");
    if (isset($_POST['newpw'])) {
        $pw = $mysqli->query("SELECT userPass FROM usertable WHERE userID= '" . $_SESSION['sess_uid'] . "'");
        $row = $pw->fetch_object();
        $pawo = $row->userPass;

        if (md5($_POST['oldpw']) == $pawo) {
            if (md5($_POST['newpw']) === (md5($_POST['conpw']))) {
                $mysqli->query("UPDATE usertable SET userPass='" . md5($_POST['newpw']) . "' WHERE userID='" . $_SESSION['sess_uid'] . "'");
            }
            else { echo "Passwords don't match"; }
        }
        else { echo "An Error Occured"; }
    }
    ?>

I am getting the error message "An Error Occured"; I am unsure as to what is causing this problem. Any help would be greatly appreciated!

Thanks

I'm not explicitly familiar with the MySQLi code, but this looks wrong:

    $pw=@$mysqli->query("SELECT userPass FROM usertable WHERE userID= '" . $_SESSION['sess_uid'] . "'");
    $row = $pw->fetch_object();
    $pawo = $row->password;

Is the password field userPass or password? Also, don't use MD5 (use password_hash) and don't use == for comparing hashed passwords (use === instead).
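
A hardened version of the change-password handler, as an added example that is not part of the question or the answer. It assumes the table and column names from the question, a userPass column wide enough for password_hash() output (for example VARCHAR(255)), and existing rows that still hold unsalted MD5; the helper name stored_password_matches(), the prepared statements and the MD5 fallback are additions here.

```php
<?php
// Added example; stored_password_matches() is a hypothetical helper name.
session_start(); // $_SESSION['sess_uid'] is empty unless the session is started
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
$mysqli = new mysqli("localhost", "root", "DBPASS", "DBNAME");

// Accept a password_hash() value, or a legacy unsalted MD5 row so accounts
// created before the switch can still change their password.
function stored_password_matches(string $input, string $stored): bool
{
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        return password_verify($input, $stored);
    }
    return hash_equals(strtolower($stored), md5($input)); // constant-time compare
}

// filter_input() yields false/null for array or missing fields, never an array.
$old = filter_input(INPUT_POST, 'oldpw');
$new = filter_input(INPUT_POST, 'newpw');
$con = filter_input(INPUT_POST, 'conpw');
$uid = $_SESSION['sess_uid'] ?? null;

if ($uid !== null && is_string($old) && is_string($new) && is_string($con)) {
    // Placeholders keep the session value out of the SQL text.
    $stmt = $mysqli->prepare("SELECT userPass FROM usertable WHERE userID = ?");
    $stmt->bind_param("s", $uid);
    $stmt->execute();
    $stmt->bind_result($stored);
    $found = $stmt->fetch();
    $stmt->close();

    if (!$found || !is_string($stored) || !stored_password_matches($old, $stored)) {
        echo "Old password is incorrect";
    } elseif ($new !== $con) {
        echo "Passwords don't match";
    } else {
        $hash = password_hash($new, PASSWORD_DEFAULT); // salted, adaptive hash
        $upd = $mysqli->prepare("UPDATE usertable SET userPass = ? WHERE userID = ?");
        $upd->bind_param("ss", $hash, $uid);
        $upd->execute();
        echo "Password changed";
    }
}
```

Once a legacy row has been through this handler it holds a password_hash() value, so the MD5 branch can be removed when no such rows remain.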
