stackoom
  简体   繁体   中英

php old password check from database

 原文  2019-02-13 19:03:50       php/ html/ mysql

Question

I am creating PHP hash password update script this script working and updating new hash password but not checking old hash password I want to create old hash password check and update new password

Here is my code 

<?php
include("database/config.php");
if($_SERVER['REQUEST_METHOD'] == "POST"){
$old_password = $_POST['old_password'];
$new_password = $_POST['new_password'];
$con_password = $_POST['con_password'];
$stmt = $con->prepare('SELECT * FROM users WHERE user_id= ?');
$stmt->bind_param('s', $_SESSION['user_id']);
$stmt->execute();
$stmt->store_result(); 
if ($stmt->num_rows >0){
$stmt->fetch();
    $hash = password_hash($_POST['old_password'], PASSWORD_DEFAULT);
    if(password_verify($_POST['new_password'],  $hash)){
    if ($new_password == $con_password) {    
    if ($stmt = $con->prepare("UPDATE users SET password = ? WHERE user_id = ?")) {
    $stmt->bind_param('ss', $hash, $_SESSION['user_id']);
    $stmt->execute();

    echo "Updated Sucessfully";
    } 
    }else {
        echo "Your new Password is not match ";
    }
 }
  }else {
    echo "Your old password is incorrect";
 }
}
?>

This is my HTML form 

<form name="form1" method="post" action="">
<input name="old_password" type="password" id="old_password" value="" placeholder="Current Password" required>
<input name="new_password" type="password" id="new_password" value="" placeholder="New Password" required>
<input name="con_password" type="password" id="con_password" value="" placeholder="confirm new password" required>
 <input type="submit" name="changePass" value="change password" class="submit2" />
</form>

1 answers

solution1
 3 ACCPTED  2019-02-13 19:16:43

You're comparing the $old_password from the user to the $new_password from the user. This is wrong. You want to compare the $old_password from the user to what's in the database. Then, if that succeeds, save the hash of $new_password to the database. Assuming you pull the result of your SELECT into an array named $row , something like: 

if ($_POST['new_password'] !== $_POST['con_password']) {
    // new password and confirm password don't match, abort
} else {
    if (password_verify($_POST['old_password'], $row['password']) {
        // user gave good old password, so save the new one
        $hash = password_hash($_POST['new_password'], PASSWORD_DEFAULT);
        // UPDATE users SET password = :hash WHERE user_id = :user_id
        // bind $hash to :hash
        // bind $row['user_id'] to :user_id
    } else {
        // user gave bad old password, abort
    }
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP change password (old password does not match with the old password inside the database) mysqli query to check if old password inputted matches with database Retrieve hashed PHP password from database and check against a submitted password in Javascript How to make PHP code check if inserted current password is correct password from MySQL database PHP mySQL check if username and password are in the database In PHP how to check if hashed password match database password how to check codeigniter old password? Checking old password with password column in database Php Check if 2 from Database are empty PHP: Retrieve from and save hashed password to database
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM