Password renewal system

Viewed 121 times

0

My point is that I’m trying to make a password reset system.

[ Current password ] [ New password ] [ Swap ]

Well, the code is below.

Settings.php

<?php

require_once('assets/system/core.php');

if (isset($_POST['password'])) {

    $password = mysqli_query($db, "SELECT * FROM users WHERE password = 'password'");

    if ($password->num_rows > 0) {
        while ($row = $password->fetch_assoc()) {
            $userid = $row["id"];
        }
    } elseif (mysqli_num_rows($password) == 0) {
        echo '<div id="alert-error">Senha está incorreta!</div>';
        $passerror = true;
    }
}

if (isset($_POST['npassword'])) {

    $npassword = mysqli_query($db, "UPDATE users SET password='".$_POST['npassword']."' WHERE username='".$_SESSION['loginuser']."'");

    {
        echo '<div id="alert-green">Você foi registrado corretamente!</div>';
    }
}

    echo '
    <div class="wrapper-me">
        <div class="right-content" style="margin-left: 5px">
            <div id="box" style="min-height: 400px;  max-height: 1200px;">
                <div id="blue-title" style="background: #27ae60; border: 1px solid #27ae60">
                    <h1 id="title-config">Alterar minha senha</h1>
                    <i style="color:#e0e0e0;" class="ion-edit"></i>
                </div>
                <div id="content-config" style="height: auto;">
                    <form action="" method="post" autocomplete="off">
                    <input type
                      <input type="password" name="password" placeholder="Senha atual" class="button-contn1"/>
                       <input type="password" name="npassword" placeholder="Nova senha" class="button-contn1"/>
                      <input type="submit" value="Continuar" class="button-contn">
                    </form>
                    </div> '


    ?>

It changes the password, but it is not confirming whether the current password actually appears in the database.

Please, if anyone could help me, I’d appreciate it.

  • Just one question. where did this variable come from $l_query?

  • So, friend, I just edited this variable to password. It was my mistake, but the error is still there: it changes the password and two messages appear together, "You changed your password correctly" and the error, but it is not checking, I think.

  • First, you're leaving the fixed password comparison; replace it with this: $password = mysqli_query($db, "SELECT * FROM users WHERE password = '".$_POST['password']."'"); Then you set an error when the password is not found ($passerror = true;), but you do not make any condition on it to give the error message and skip the update.

  • All right, buddy, thanks a lot!

2 answers

1


Good morning, I see some very wrong points in what you did. The worst is that, the way it was programmed, it will cause a problem if there are 2 equal passwords.

I believe it should work as follows. I will post the code here and you adapt it if necessary.

We assume that the person is logged in and that you recorded their id in a session, or that you forced them to enter the login somewhere as well.

php form.

<div class="wrapper-me">
    <div class="right-content" style="margin-left: 5px">
        <div id="box" style="min-height: 400px;  max-height: 1200px;">
            <div id="blue-title" style="background: #27ae60; border: 1px solid #27ae60">
                <h1 id="title-config">Alterar minha senha</h1>
                <i style="color:#e0e0e0;" class="ion-edit"></i>
            </div>
            <div id="content-config" style="height: auto;">
                <form action="valida.php" method="post" autocomplete="off">
                    <input type
                    <input type="password" name="password" placeholder="Senha atual" class="button-contn1"/>
                    <input type="password" name="npassword" placeholder="Nova senha" class="button-contn1"/>
                    <input type="submit" value="Continuar" class="button-contn">
                </form>
            </div>
        </div>
    </div>
</div>

valida.php

<?php

// Provides $db and the session, as in Settings.php
require_once('assets/system/core.php');

if (!empty($_POST['npassword']) && !empty($_POST['password'])) {
    // The UPDATE only matches a row when the current password (MD5) is correct,
    // so the check and the change happen in a single query
    $sql = "UPDATE users SET password='".md5($_POST['npassword'])."' WHERE username='".$_SESSION['loginuser']."' AND password='".md5($_POST['password'])."'";
    mysqli_query($db, $sql);
    if (mysqli_affected_rows($db) > 0) {
        echo "Senha alterada";
    } else {
        echo "Sua senha atual não coincide!";
    }
} else {
    echo "Ambos campos de senha devem estar preenchidos";
}

?>

Any questions, just let me know ^^

  • All right, friend. Thanks for the help!

  • Hey, cool!! Don't forget to mark it as solved.

  • Excuse me, friend, one more question here, if you can help me. The passwords are stored as md5 in the database, so it is reporting an incorrect password. How do I read them as md5?

  • I'll change my code to use md5.

  • Thanks, friend, it worked. In my case I readapted it to a single page with action="#" and put the whole code on the same page, and the result is OK. I had to fix your code, which was giving an error, but apart from that it worked out well.

  • Which error did it give?

  • It gave a syntax error, I think that is what it's called, because it had mysql_query ($db,$sql;); so I tidied your code into what I edited.

  • Haha, now it's right ^^


1

Friend, your logic had some problems, but I tried to reuse as much of what you wrote as possible to avoid confusing you. The code got even uglier, but the intention is for you to understand it; once you understand it, improve it.

The code follows the cycle below:

  • Checks that the fields are not empty
  • Encrypts the passwords that came via POST with MD5
  • Grabs the database user with the entered data
  • Checks if the old password is not the same as the current one
  • Updates the user with the new password and prints the success message on the screen

Below is the commented code

<?php

require_once('assets/system/core.php');

// Check that the current-password and new-password fields are not empty
if (!empty($_POST['npassword']) && !empty($_POST['password'])) {

    $pass = md5($_POST['password']);     // current password
    $npass = md5($_POST['npassword']);   // new password

    // I am using the loginuser value that you saved in the session.
    $npassword = mysqli_query($db, "SELECT * FROM users WHERE password = '$pass' and username = '".$_SESSION['loginuser']."'");

    // Check whether a user was found with the loginuser value saved in the session and the current password that was typed
    if (mysqli_num_rows($npassword) > 0) {
        // Check that the new password is not the same as the current one
        if ($pass != $npass) {
            // If the update runs correctly it prints the success message! (I recommend using an ID if this username is not a primary key - PK)
            if ($password = mysqli_query($db, "UPDATE users SET password='$npass' WHERE username='".$_SESSION['loginuser']."'")) {
                echo '<div id="alert-green">Senha alterada com sucesso!</div>';
            }
            else {
                echo '<div id="alert-error">Algum prolema foi encontrado e sua senha não foi alterada!</div>';
            }
        }
        else {
            echo '<div id="alert-error">Senha atual é igual a senha antiga!</div>';
        }
    }
    else {
        echo '<div id="alert-error">Senha atual está incorreta!</div>';
        $passerror = true;
    }
}

// Prints the form (it is rendered on every request, submitted or not)

echo '
<div class="wrapper-me">
    <div class="right-content" style="margin-left: 5px">
        <div id="box" style="min-height: 400px;  max-height: 1200px;">
            <div id="blue-title" style="background: #27ae60; border: 1px solid #27ae60">
                <h1 id="title-config">Alterar minha senha</h1>
                <i style="color:#e0e0e0;" class="ion-edit"></i>
            </div>
            <div id="content-config" style="height: auto;">
                <form action="" method="post" autocomplete="off">
                    <input type
                    <input type="password" name="password" placeholder="Senha atual" class="button-contn1"/>
                    <input type="password" name="npassword" placeholder="Nova senha" class="button-contn1"/>
                    <input type="submit" value="Continuar" class="button-contn">
                </form>
            </div>
        </div>
    </div>
</div> '
?>

Any questions, I'm around!!

@Edit

Code changed to transform passwords into md5.

  • Friend, it's already solved, but what if the passwords in the database are in MD5?

  • @Leos Just use md5($pass) and compare hash with hash! If you want, I'll change the answer to use md5, just ask!

  • Please, if you can change it I would appreciate it. Thanks in advance, friend.

  • @Leos Code amended!!

  • Friend, I'm sorry to take more of your time. I thought it was the md5, but it is still saying the current password is incorrect. What can it be? Is it the primary key? I'll try it with id here.

  • @Leos Check what's inside $_SESSION['loginuser']. If you're not saving anything in the session, it won't be able to find the user anyway!! The query is correct!

  • I checked here, friend, with my " . $_SESSION["userid"]. ", which is the primary key (id). Nothing, the same error again: that the password is incorrect.

  • Solved here, I adapted yours with the code of a friend above. Thank you, friend.

  • @Leos You're welcome, bro!! You already solved it, but I found the problem!! I switched to mysqli_num_rows($npassword) inside the if! If I have helped, leave a rating there :D
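
The same change-password flow with bound parameters and password_hash() in place of string-built SQL and MD5, as an added example that is not part of either answer. It assumes PDO with an in-memory SQLite table standing in for the page's MySQL users table; verify_stored() and change_password() are hypothetical names, and the seeded rows are constructed sample data.

```php
<?php
// Added example. Constructed data: an in-memory SQLite table stands in for `users`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)");
$seed = $db->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
$seed->execute(['alice', md5('old-secret')]);                          // legacy row: unsalted MD5
$seed->execute(['bob', password_hash('bobs-pass', PASSWORD_DEFAULT)]); // already migrated

// True when $plain matches the stored value, legacy MD5 or password_hash() output.
function verify_stored(string $plain, string $stored): bool
{
    if (preg_match('/^[0-9a-f]{32}$/', $stored)) {   // legacy MD5 hex digest
        return hash_equals($stored, md5($plain));
    }
    return password_verify($plain, $stored);
}

// Changes the password only when the current one is correct; returns a status string.
function change_password(PDO $db, int $userId, string $current, string $new): string
{
    $q = $db->prepare("SELECT password FROM users WHERE id = ?");
    $q->execute([$userId]);
    $stored = $q->fetchColumn();
    if ($stored === false || !verify_stored($current, $stored)) {
        return 'wrong-current-password';             // the UPDATE is never reached
    }
    if ($current === $new) {
        return 'same-password';
    }
    // Bound parameters keep form input out of the SQL text; storing the
    // password_hash() output also retires any legacy MD5 digest for this user.
    $u = $db->prepare("UPDATE users SET password = ? WHERE id = ?");
    $u->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);
    return 'changed';
}

// In a real page $userId comes from the session, never from the form.
echo implode("\n", [
    change_password($db, 1, 'guess', 'N3w-passphrase'),
    change_password($db, 1, 'old-secret', 'old-secret'),
    change_password($db, 1, 'old-secret', 'N3w-passphrase'),
    change_password($db, 1, 'old-secret', 'again'),
    change_password($db, 2, 'bobs-pass', 'another-one'),
]), "\n";
```

With mysqli the same structure applies through mysqli_prepare() and bound parameters; the password column must be wide enough for password_hash() output (the PHP manual recommends 255 characters).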
