
#1 Syfer

change password issues

Posted 04 November 2011 - 06:30 AM

I'm making a change password page where users can change their password,
and my problem is: how can I possibly decrypt, or is there any other way to
compare, the inputted password to see if it matches the password in the database?

Well, here's my code:
<?php
		echo '<a href="index2.php?action=Change password">Change password</a></td>';			
		if(isset($_REQUEST["action"]) && $_REQUEST["action"] == "Change password" && $_SESSION['userid']){
				$id=$_SESSION['userid'];
				$query = mysql_query("SELECT * FROM users_info WHERE userid='$id'") or die(mysql_error());
				$row = mysql_fetch_array($query);
				echo "<div style=\"position:absolute;top:0;right:180;z-index:1;background-color:FFFFFF;border:1px solid black;\">";
				echo "Change password<br/><br/>";		
				echo "<form method='post' action='index2.php'>";
				echo "user id: <input type='text' disabled='disabled' name='aa' value='$id'><br/>";
				echo "<input type='hidden'  name='a' value='$id'><br/>";
				echo "Old password: <input type='password' name='password'><br/>";
				echo "New password: <input type='password'  name='newpass' ><br/>";
				echo "Confirm Password: <input type='password'  name='confpass' ><br/>";	
				echo "<input type='submit' value='edit' name='editor' />";
				echo "<a href='index2.php'>back</a>";
				echo "</form>";
				
				
				
				echo "</div>";
				
				 
				}
		if(isset($_REQUEST['editor'])){
		 $newpass = mysql_real_escape_string($_REQUEST['newpass']);
		 $confpass = mysql_real_escape_string($_REQUEST['confpass']);
		 
		if(md5($_POST['password']) != $row['password']){
            echo "You entered an incorrect password";
         }else if($newpass!=$confpass){
				echo "The new password and confirm new password fields must be the same";
			}else
          $sql=mysql_query("UPDATE users_info SET password='$newpass' where userid='".$_SESSION['userid']."'");
		if($sql){
          echo "Congratulations You have successfully changed your password";
		  echo '<meta http-equiv="refresh" content="0;url=index2.php">';
	       exit;
		}
	
}
?>




Replies To: change password issues

#2 CTphpnwb

Posted 04 November 2011 - 06:53 AM

I'd do it this way:
$id = find_existing_user($_POST['username'],$_POST['password']);
if($id > 0) {
	change_password($id,$_POST['newpass']);
}



function find_existing_user($username, $password) {
	/*
	Code to find userid with username and password.
	*/
	if(!$found) { 
		$userid = -1;
	}
	return $userid;
}

function change_password($userid, $newpassword) {
	/*
		Code to change password
	*/
}

This post has been edited by CTphpnwb: 04 November 2011 - 06:55 AM

#3 Jstall

Posted 04 November 2011 - 06:55 AM

Hi,

Assuming that your password is hashed using md5 and that $row['password'] contains the user's hashed password, then you are already comparing the password that was input with the password in the database with this line:
if(md5($_POST['password']) != $row['password']){



You may want to look at using something more secure than md5. creativecoding wrote a tutorial on migrating an existing database to a more secure type of hash; it can be found here

This post has been edited by Jstall: 04 November 2011 - 06:56 AM

#4 Syfer

Posted 04 November 2011 - 07:04 AM

CTphpnwb, on 04 November 2011 - 06:53 AM, said:

I'd do it this way:
$id = find_existing_user($_POST['username'],$_POST['password']);
if($id > 0) {
	change_password($id,$_POST['newpass']);
}



function find_existing_user($username, $password) {
	/*
	Code to find userid with username and password.
	*/
	if(!$found) { 
		$userid = -1;
	}
	return $userid;
}

function change_password($userid, $newpassword) {
	/*
		Code to change password
	*/
}


Is there any other way, aside from using the function() thing?

#5 macosxnerd101

Posted 04 November 2011 - 07:04 AM

You should always store a hashed and salted password in your database, and hash and salt the password retrieved from the user.

Regarding $_REQUEST, I would avoid it, as it combines $_GET and $_POST, but more importantly, $_COOKIE values overwrite the corresponding $_GET or $_POST values if there is an overlapping key. Just stick with the $_GET and $_POST superglobals.

#6 CTphpnwb

Posted 04 November 2011 - 07:12 AM

Syfer, on 04 November 2011 - 10:04 AM, said:

Is there any other way, aside from using the function() thing?

Functions are your friends. They make writing code easy, especially compared to the way you're doing it.

#7 Syfer

Posted 04 November 2011 - 07:36 AM

CTphpnwb, on 04 November 2011 - 07:12 AM, said:

Syfer, on 04 November 2011 - 10:04 AM, said:

Is there any other way, aside from using the function() thing?

Functions are your friends. They make writing code easy, especially compared to the way you're doing it.



Then how would I implement your code inside my code,
since I never tried using function()?
<?php
include("connect.php");
?>
<?php
if(!isset($_SESSION['userid'])){
		header("Location:index.php");
 }else{
      $result = mysql_query("select * from users_info where userid='".$_SESSION['userid']."'");
      $row = mysql_fetch_array($result);


}
if(isset($_POST['mitten'])){
  $oldpass = md5($_POST['oldpass']);
   $newpass = $_POST['newpass'];
    $confpass = $_POST['confpass'];
	if($oldpass != $row['password']){ 
	   echo "<div style='align:center;'>Incorrect password</div>";  
	}else if($newpass != $confpass){
	  echo "<div style='align:center;'>New password and Confirm password mismatch</div>";
	  }else{
	   mysql_query("UPDATE users_info SET password='".md5($newpass)."' where userid='".$_SESSION['userid']."'");
	    echo '<meta http-equiv="refresh" content="0;url=index2.php">';
           exit;
} 
}
?>
<html>
<head></head>
<body>
<div>
<form method="post" action="changepass.php">
USERID: <input type='text' disabled='disabled' name='aa' value='<?php echo $_SESSION['userid'] ?>'><br/>
<input type='hidden'  name='a' value='<?php echo $_SESSION['userid'] ?>'><br/>
Old password:<input type="password" name="oldpass"/><br/>
New password:<input type="password" name="newpass"/><br/>
Confirm New password: <input type="password" name="confpass"/><br/>
<input type="submit" name="mitten"/><a href="index2.php"><input type="button" value="back"/></a>
</form>
</div>
</body>
</html>


This post has been edited by Syfer: 04 November 2011 - 07:47 AM

#8 Jstall

Posted 04 November 2011 - 07:47 AM

Hi,

Well, instead of a username and password your function would accept a user_id and password but the basic principle would be the same. I suggest you read the link CTphpnwb gave you.

Understanding functions (and after that objects, methods, object-oriented design) is imperative for pretty much any sort of programming you can do. You would do well to start trying to understand the concept now if you intend on doing anything with any complexity and want it to be remotely maintainable.
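
What the replies above describe (functions that take the user id and password, salted hashing instead of md5, and migrating existing md5 rows), as an added example that is not part of any post in this thread. It uses PHP's password_hash()/password_verify() and PDO prepared statements; the function names are hypothetical and an in-memory SQLite table stands in for users_info.

```php
<?php
// Added example, not code from the thread. Table/column names follow the
// thread (users_info, userid, password); function names are hypothetical.
function store_password(PDO $db, $userid, $password) {
    // password_hash() generates a random salt and embeds it in its output.
    $stmt = $db->prepare('UPDATE users_info SET password = ? WHERE userid = ?');
    $stmt->execute([password_hash($password, PASSWORD_DEFAULT), $userid]);
}

// True if $password matches the stored value for $userid. A row still holding
// an unsalted md5() value is accepted once and re-hashed immediately.
function verify_password(PDO $db, $userid, $password) {
    $stmt = $db->prepare('SELECT password FROM users_info WHERE userid = ?');
    $stmt->execute([$userid]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) return false;            // no such user
    if (password_verify($password, $stored)) {
        if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
            store_password($db, $userid, $password);
        }
        return true;
    }
    // Assumption: 32 lowercase hex characters means a legacy md5() row.
    if (preg_match('/^[0-9a-f]{32}$/', $stored) && hash_equals($stored, md5($password))) {
        store_password($db, $userid, $password);
        return true;
    }
    return false;
}

// Returns an error message, or null on success.
function change_password(PDO $db, $userid, $old, $new, $confirm) {
    if (!verify_password($db, $userid, $old)) {
        return 'You entered an incorrect password';
    }
    if ($new === '' || $new !== $confirm) {
        return 'The new password and confirm new password fields must be the same';
    }
    store_password($db, $userid, $new);
    return null;
}

// Constructed demo data: in-memory SQLite, one user with a legacy md5 row.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE users_info (userid INTEGER PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users_info VALUES (1, ?)')->execute([md5('old-secret')]);
var_dump(change_password($db, 1, 'wrong', 'n3w-pass', 'n3w-pass'));
var_dump(change_password($db, 1, 'old-secret', 'n3w-pass', 'n3w-pass'));
var_dump(verify_password($db, 1, 'n3w-pass'));
```

On the change password page itself, $userid would come from $_SESSION['userid'] rather than the hidden form field, and the three password values from $_POST rather than $_REQUEST.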

#9 Syfer

Posted 04 November 2011 - 07:56 AM

Nvm, I already solved my own problem with my own way of coding :D

thanks anyways CHEERS!

#10 CTphpnwb

Posted 04 November 2011 - 08:17 AM

That just means that like Arnold, you'll be back. You'll be back because you won't be able to read/debug what you're writing now.

You really need to understand that getting code to "work" is the last thing you should be concerned about. Organization is the key to making it readable, and readable code can be edited/debugged easily. When you look back at the code you're writing now in a few days, weeks or months you're not going to be able to easily understand it.