
php current password check and update hash password

I am creating a PHP script for updating a user's hashed password. The script is not working and does not show any error message; it always displays the "Your old password is incorrect" message. I have tried to fix it, but it's not working. I want to check the user's old password and then update it to the new password.

Here is my code

<?php
include "database/config.php";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $old_password = password_hash($_POST['old_password'], PASSWORD_DEFAULT);
    $new_password = password_hash($_POST['new_password'], PASSWORD_DEFAULT);
    $con_password = password_hash($_POST['con_password'], PASSWORD_DEFAULT);

    $stmt = $con->prepare('SELECT * FROM users WHERE user_id= ?');
    $stmt->bind_param('i', $_POST['user_id']);
    $stmt->execute();
    if ($stmt == $old_password) {
        if ($new_password == $con_password) {
            $stmt = $con->prepare = "UPDATE users SET password = ? WHERE user_id = ?";
            echo "Update Sucessfully";
        } else {
            echo "Your new Password is not match ";
        }
    } else {
        echo "Your old password is incorrect";
    }
}

Here is my html form

<form name="form1" method="post" action="">
    <input name="old_password" type="text" id="old_password" value="" placeholder="Current Password" required>
    <input name="new_password" type="text" id="new_password" value="" placeholder="New Password" required>
    <input name="con_password" type="text" id="con_password" value="" placeholder="confirm new password" required>
    <input type="submit" name="changePass" value="change password" class="submit2" />
</form>

What you are doing is hashing, and then comparing two hashes. This is the incorrect way to go about it, since the hashes will never exactly match (otherwise what good is encryption?). You are doing:

$old_password = password_hash($_POST['old_password'], PASSWORD_DEFAULT);

When you should just be doing:

$old_password = $_POST['old_password'];

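Then it's a simple check:

if (password_verify($old_password, $stmt)) {
    // Compare the submitted values; two password_hash() results never match
    if ($_POST['new_password'] == $_POST['con_password']) {
        // Prepare, bind and execute the update with the new password's hash
        $update = $con->prepare("UPDATE users SET password = ? WHERE user_id = ?");
        $update->bind_param('si', $new_password, $_POST['user_id']);
        $update->execute();
        echo "Update Sucessfully";
    } else {
        echo "Your new Password is not match ";
    }
} else {
    echo "Your old password is incorrect";
}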



ALSO

As Jay mentioned, you need to be fetching something. You are returning an object at this point with:

 $stmt = $con->prepare('SELECT * FROM users WHERE user_id= ?'); 

An Object does no good for this comparison. You need a string. If you are expecting 1 result you could add fetch_array()[0] to the end of that query. fetch_array converts your Object into a single dimensional array. The [0] simply is the array index you're wishing to assign to $stmt as such:

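$stmt = $con->prepare('SELECT * FROM users WHERE user_id= ?');
$stmt->bind_param('i', $_POST['user_id']);
$stmt->execute();
// A mysqli_stmt has no fetch_array(); get the result set first.
// [0] is the first column of the row, so it must be the password hash column.
$stmt = $stmt->get_result()->fetch_array()[0];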
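
A complete handler that puts the answer's two points together: verify the plain old password against the stored hash string, and hash only the new password when storing it. This is an added example, not code from the question or the answer; it assumes the `users` table has the `user_id` and `password` columns used in the queries above, and `changePassword()` is a hypothetical helper name.

```php
<?php
// Added example. Assumes a `users` table with `user_id` and `password`
// columns, as in the queries above; changePassword() is a hypothetical name.
function changePassword(mysqli $con, int $userId, string $old, string $new, string $confirm): string
{
    // Compare the two new-password fields as plain strings, before any hashing.
    if ($new !== $confirm) {
        return "Your new password does not match";
    }

    // Fetch the stored hash as a string, not the statement object.
    // bind_result()/fetch() is used here so the column is selected by name.
    $stmt = $con->prepare('SELECT password FROM users WHERE user_id = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();   // true, false on error, null when no row
    $stmt->close();

    // password_verify() re-hashes $old with the salt embedded in $storedHash,
    // which is why hashing $old again with password_hash() can never match.
    if (!$found || !password_verify($old, $storedHash)) {
        return "Your old password is incorrect";
    }

    // Only the new password is hashed, once, at the moment it is stored.
    $newHash = password_hash($new, PASSWORD_DEFAULT);
    $stmt = $con->prepare('UPDATE users SET password = ? WHERE user_id = ?');
    $stmt->bind_param('si', $newHash, $userId);
    $ok = $stmt->execute();
    $stmt->close();

    return $ok ? "Updated successfully" : "Update failed";
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    include "database/config.php"; // provides $con, as in the question
    echo changePassword(
        $con,
        (int) $_POST['user_id'], // better taken from the logged-in session
        $_POST['old_password'],
        $_POST['new_password'],
        $_POST['con_password']
    );
}
```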
