PHP Difficulty understanding error


-1

The code is responsible for updating the user's password in case they forget it, and it generates a new hash to recover the password; I do this so that the password recovery link works only once. The current behavior is as follows: the first password change works normally. However, if you open the same link used the first time, whose token has already been overwritten, the code shows the successful change message, but the update does not work. I need the code, when the update fails, to enter the if and print the error message to the user.

<?php
require_once("../../requires/connect.php");   // Database connection
require_once("../../requires/bcrypt.php");    // Class responsible for the hashing
require_once("../../requires/functions.php"); // Functions

// hash the password that was typed in
$hash_pass = Bcrypt::hash($_POST['senha']);
$update = "UPDATE usuario SET senha = '$hash_pass' WHERE recuperar_senha = '{$_POST['recuperar_senha']}'";
if ($mysqli->query($update) === FALSE) { // On failure, inform the user and ask them to try again
    Functions::alertaRedirect("Falha ao realizar a troca, tente novamente.", "../definir_senha.php??zeqe0eZoda28goklt3W0={$_POST['recuperar_senha']}");
}
// Generate a new hash for password recovery
$novo_pass_rec = Bcrypt::generateRandomHash();
// Save the new password recovery hash in the database
$update = "UPDATE usuario SET recuperar_senha = '$novo_pass_rec' WHERE recuperar_senha = '{$_POST['recuperar_senha']}'";
if ($mysqli->query($update) === FALSE) { // On failure, inform the user and ask them to try again
    Functions::alertaRedirect("Falha ao realizar a troca, tente novamente.", "../definir_senha.php??zeqe0eZoda28goklt3W0={$_POST['recuperar_senha']}");
}
Functions::alertaRedirect("Troca Realizada com sucesso!", "../../../index.html"); // Inform the user that the change succeeded.
?>
  • 1

    The question is: if the token has been overwritten your UPDATE will change a total of zero records. That is, UPDATE runs successfully. Why not check if the password has been changed by checking whether mysqli->affected_rows is equal to 1? If it is 0 the token no longer exists - if it is greater than 1 something very worrying happened.

  • Okay, I’ll take the test and let you know if it worked, thank you!

  • I did, but I did not understand it / could not manage to make it work. I believe I am doing it wrong: $update = "UPDATE usuario SET senha = '$hash_pass' WHERE recuperar_senha = '{$_POST['recuperar_senha']}'"; if ($mysqli->affected_rows == 0) { error message }

  • 1

    You still need to run the query, but it is not its result that you should check, but rather affected_rows.

  • It worked, thank you.

1 answer

2


With the help of Anderson, I managed to solve the problem. The final code is as follows:

$update = "UPDATE usuario SET senha = '$hash_pass' WHERE recuperar_senha = '{$_POST['recuperar_senha']}'";
$mysqli->query($update);
if (mysqli_affected_rows($mysqli) == 0) { // On failure, inform the user and ask them to try again
    Functions::alertaRedirect("Token expirado, solicite a troca de senha novamente!", "../definir_senha.php??zeqe0eZoda28goklt3W0={$_POST['recuperar_senha']}");
}

The same reasoning applies to the second IF. Now the code checks how many lines have been changed; if not one, the error message is printed correctly.
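
The same affected_rows check with the recovery token bound as a parameter instead of interpolated into the SQL, and with the password change and token rotation done in a single UPDATE so the link is consumed in the same statement that uses it. This is an added example, not part of the original answer: `resetPasswordWithToken` is a hypothetical name, the table and columns are the ones shown on the page, and PHP's built-in `password_hash()` and `random_bytes()` stand in for the page's `Bcrypt` class.

```php
<?php
// Added example, not the original poster's code. Assumes the page's table
// `usuario` with columns `senha` and `recuperar_senha`, and an open mysqli
// connection such as the one created by the page's connect.php.

/**
 * Change the password and rotate the recovery token in one statement.
 * Returns true only when exactly one row matched the submitted token.
 */
function resetPasswordWithToken(mysqli $db, string $token, string $newPassword): bool
{
    if ($token === '' || $newPassword === '') {
        return false; // an empty token must never be allowed to match a row
    }

    $hash     = password_hash($newPassword, PASSWORD_BCRYPT);
    $newToken = bin2hex(random_bytes(32)); // overwrites the token that was just used

    // Placeholders keep the POSTed token out of the SQL text.
    $stmt = $db->prepare(
        'UPDATE usuario SET senha = ?, recuperar_senha = ? WHERE recuperar_senha = ?'
    );
    if ($stmt === false) {
        return false; // prepare failed (SQL or connection error)
    }
    $stmt->bind_param('sss', $hash, $newToken, $token);

    // execute() reports SQL errors; affected_rows reports whether the token
    // matched. 0 means the link was already used, more than 1 means tokens
    // are not unique and should be investigated.
    $ok = $stmt->execute() && $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

// Usage in the form handler (constructed; $mysqli comes from connect.php):
//   $ok = resetPasswordWithToken($mysqli,
//                                $_POST['recuperar_senha'] ?? '',
//                                $_POST['senha'] ?? '');
//   if (!$ok) { /* show the "token expired" message and stop */ }
```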
