Validate and change user password with PHP

Viewed 4,748 times

1

I’m trying to get the code to check whether the passwords are identical and, if they are, save to the database, but I don’t know what’s wrong: regardless of whether they’re identical or not, it always saves.

 if (isset($_POST['salvar-senha'])) {

    $usr_id            = $_SESSION['usr_id'];
    $senha_atual       = md5(strip_tags($_POST['senha_atual']));
    $senha_nova        = md5(strip_tags($_POST['senha_nova']));
    $confirme_senha    = md5(strip_tags($_POST['confirme_senha']));

    $sql = mysql_query("SELECT usr_password FROM users WHERE usr_login = '$usr_id' ");
    $row = mysql_fetch_array($sql);
    $senha_banco = $row['usr_password'];

    if($senha_atual == "" && $senha_nova == "" && $confirme_senha == "") {
        echo "
            <script>
                alert('Os campos das senhas não podem ser nulos.');
                window.location='../configuracoes.php';
            </script>";
    } else {
        if (($senha_atual != $senha_banco) && ($senha_nova != $confirme_senha) ) {
            echo "
            <script>
                alert('As senhas não conhecidem.');
                window.location='../configuracoes.php';
            </script>";
        } else {
            if ($result=mysql_query("UPDATE users SET usr_password = '$confirme_senha' WHERE usr_id = '$usr_id' ")) {
                echo "
            <script>

                window.location='../configuracoes.php?success=yes';
            </script>";
            }
        }
    }
}

2 answers

6


There’s a logic error here:

    if (($senha_atual != $senha_banco) && ($senha_nova != $confirme_senha) )

This is only true if the person gets both wrong, that is, the current password is wrong and the new password and confirmation do not match. In any other situation (except all blank), the password is saved.

You fix this by treating either one of the two situations (not both) as an error, therefore using an OR instead of an AND:

    if (($senha_atual != $senha_banco) || ($senha_nova != $confirme_senha))

You can also think of it the other way around: it should only save if the current password is correct AND the new ones match:

    if (($senha_atual === $senha_banco) && ($senha_nova === $confirme_senha)) {
        // save

Otherwise, give a generic error message (do not help someone who is trying to bypass the system):

    } else {
        // error: current password incorrect or the new ones do not match
    }

Other than that, the JavaScript embedded there could be replaced by redirects in PHP itself, saving the error messages in the session.

  • Man, I did that and now it only says that the passwords don’t match, even when I enter all 3 the same.

  • Are you sure the MD5 of the current password matches what is in the database? Did you try printing the values to confirm?

  • Yes, the current password matches the one in the database, and the new password matches the confirmation.
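The corrected check from the answer above, as an added example that is not part of the original post or its answers. It goes beyond the post by swapping `md5()` and the `mysql_*` calls for `password_hash()`/`password_verify()` and PDO prepared statements; `changePassword()` is a hypothetical helper, the in-memory SQLite table and passwords are constructed sample data, and the `pdo_sqlite` extension is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from the original post). Returns true only when
// the current password is correct AND the two new values match.
function changePassword(PDO $db, int $usrId, string $current, string $new, string $confirm): bool
{
    if ($current === '' || $new === '' || $confirm === '') {
        return false; // any single empty field is an error, so join with ||
    }
    $stmt = $db->prepare('SELECT usr_password FROM users WHERE usr_id = ?');
    $stmt->execute([$usrId]);
    $hash = $stmt->fetchColumn();

    // password_hash() output differs on every call, so the stored hash is
    // checked with password_verify() and the new values are compared as text.
    $currentOk = is_string($hash) && password_verify($current, $hash);
    $newOk     = ($new === $confirm);
    if (!($currentOk && $newOk)) {
        return false; // either failure blocks the update
    }
    $upd = $db->prepare('UPDATE users SET usr_password = ? WHERE usr_id = ?');
    return $upd->execute([password_hash($new, PASSWORD_DEFAULT), $usrId]);
}

// Constructed demo: in-memory SQLite table with one user (sample data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (usr_id INTEGER PRIMARY KEY, usr_password TEXT)');
$db->prepare('INSERT INTO users VALUES (1, ?)')
   ->execute([password_hash('old-secret', PASSWORD_DEFAULT)]);

$cases = [
    ['wrong',      'new-secret', 'new-secret'], // wrong current password
    ['old-secret', 'new-secret', 'typo'],       // confirmation mismatch
    ['old-secret', 'new-secret', 'new-secret'], // both checks pass
];
foreach ($cases as [$cur, $new, $conf]) {
    $ok = changePassword($db, 1, $cur, $new, $conf);
    // One generic message for both failure cases, as the answer recommends.
    echo $ok ? "saved\n" : "error: current password incorrect or new passwords do not match\n";
}
```

In the page handler, the message would be stored in `$_SESSION` and followed by `header('Location: ../configuracoes.php'); exit;` rather than echoing a script block.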

0

Check your logic; you seem to be using the logical operator && (AND) where you intended the behaviour of || (OR).

Just switch the operators in the first and second if.

A remark, without meaning to be rude: the correct phrase is "the passwords do not match."

  • Leonardo, I hadn’t even noticed that mistake, thank you. And by the way, the error in PHP is now a different one: even if the 3 passwords are identical, it says that they do not match.
