|
PHP - Problem With Md5 Password Change
Hello, I've got the following code, who doesn't change the password on the database:
<?php include "connect.php"; session_start(); session_register("session"); $new_password = $_POST['new_password']; $new_password_again = $_POST['new_password_again']; if(!isset($session['connection_status'])) { echo "<center><font face='Verdana' size='2' color=red>Sorry, Please login and use this page </font></center>"; exit;} ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Change Password</title> <script type="text/javascript" src="js/jquery.min.js"></script> <script type="text/javascript" src="js/jquery.ketchup.js"></script> <script type="text/javascript" src="js/jquery.ketchup.messages.js"></script> <script type="text/javascript" src="js/jquery.ketchup.validations.basic.js"></script> <script language="javascript" type="text/javascript" src="niceforms.js"></script> <link rel="stylesheet" type="text/css" media="all" href="niceforms-default.css" /> <link rel="stylesheet" type="text/css" media="screen" href="css/jquery.ketchup.css" /> </head> <body> <div id="container"> <fieldset> <legend>Change Password</legend> <p>Please enter your new password below</p> <form method="post" action="change_password.php" name="changepassword" id="changepassword"class="niceform" > <dl> <dt><label for="new_password">New Password:</label><br /></dt> <dd><input type="password" name="new_password" id="new_password" class= "validate(required, rangelength(4,30))" /></dd> </dl> <dl> <dt><label for="new_password_again">Password (again):</label><br /></dt> <dd><input type="password" name="new_password_again" id="new_password_again" class= "validate(required, match(#new_password))" /></dd> </dl> <dl> <dt> <dd><input type="submit" name="change_password" id="change_password" value="Change Password" /> <input type="reset" name="reset" id="reset" value="Reset" /></dd> </dt> </dl> </form> </fieldset> </div> <?php if (empty($_POST['new_password']) && empty($_POST['new_password_again'])) { ?> <div id="container"> <form method="post" action="<?php echo $_SERVER['REQUEST_URI']; ?>" name="loginform" id="loginform" class="niceform" > <fieldset> <legend>Error</legend> <p>Please go back and complete all the fields in the form</p> <p>Click <a href="index.php">here</a> to try again.</p> </fieldset> </form> </div> <?php } else { $db_new_password=md5(mysql_real_escape_string($new_password)); $status = "OK"; $msg=""; if ( strlen($new_password) < 3 or strlen($new_password) > 10 ) { $msg=$msg."Password must be more than 3 characters in length and maximum 10 characters in length<BR>"; $status= "NOTOK"; } if (strcmp( $new_password,$new_password_again ) !=0) { $msg=$msg."Both passwords do not match<BR>"; $status= "NOTOK"; } if($status<>"OK") { echo "<font face='Verdana' size='2' color=red>$msg</font><br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>"; } else { if(mysql_query("update users set password='$db_new_password' where userid='$session[userid]'")) { echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password for better security</font></center>". $new_password ; } } } ?> <script type = "text/javascript"> $(document).ready(function() { $('#changepassword').ketchup(); }); </script> </body> </html> Similar Tutorialshi folks I have a problem with the code to change the password, it shows the message all time when I send the form: old password dont match! <?php session_start(); $user = $_SESSION['first_name']; if ($user) { //user is logged in if ($_POST['submit']) { //check fields $oldpassword = md5($_POST['oldpassword']); $newpassword = md5($_POST['newpassword']); $repeatnewpassword = md5($_POST['repeatnewpassword']); //check password against db //connect db $connect = mysql_connect("*******","****","****") or die(""); mysql_select_db("****") or die(""); $queryget = mysql_query("SELECT password FROM users WHERE username='$user'") or die("Query didnt work !!!"); $row = mysql_fetch_assoc($queryget); $oldpassworddb = $row['password']; //check password if ($oldpassword==$oldpassworddb) { //check to new password if ($newpassword==$repeatnewpassword) { //success //change password in db $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE username='$user'") or die (""); session_destroy(); die("YOUR PASSWORD HAS BEEN CHANGED.<a href='login_form.html'>RETURN</a> TO THE LOGIN PAGE"); } else die("new password dont match"); } else die("old password dont match"); } else { echo" <form action='changepassword.php' method='POST'> Old password: <input type='text' name='oldpassword'><br/> New password: <input type='password' name='newpassword'><br/> Repeat new password: <input type='password' name='repeatnewpassword'><br/> <input type='submit' name='submit' value='change password'> </form>"; } } else echo("YOU MUST BE LOGGED IN!!!!.<br><a href='login_form.html'>RETURN</a> TO THE LOGIN PAGE"); ?> please help thanks! Hi there, I've set up a basic password change that sends an email to the client when they change their password. The email notify's the client that their password has been changed and what the password is. The current problem I'm receiving is that when the user changes their password the message confirms that an email has been sent however, the email never arrives. The original email only arrives when the client changes their password again and they receive their first password change not their new password change. Can you help?? my code is below: Code: [Select] <?php $host="localhost"; // Host name $username="root"; // Mysql username $password="*******"; // Mysql password $db_name="testpwreset"; // Database name //Connect to server and select database. $con=mysql_connect("$host", "$username", "$password"); mysql_connect("$host", "$username", "$password") or die("cannot connect to server"); mysql_select_db("$db_name") or die("cannot select DB"); // value sent from form $email_to=$_POST['email_to']; $old_password=$_POST['old_password']; $new_password=$_POST['new_password']; $new_password2=$_POST['new_password2']; if ($new_password != $new_password2) {die("Your passwords do not match");} // table name $tbl_name=members; mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'"); // retrieve password from table where e-mail = $email_to(*****@gmail.com) $sql="SELECT password FROM $tbl_name WHERE email='$email_to' AND password = '$old_password'"; $result=mysql_query($sql); // if found this e-mail address, row must be 1 row // keep value in variable name "$count" $count=mysql_num_rows($result); // compare if $count =1 row if($count==1){ $asdf=mysql_query("UPDATE $tbl_name SET password = '$new_password' WHERE email = '$email_to' AND password = '$old_password'"); $rows=mysql_fetch_array($result); // keep password in $your_password $your_password=$rows['password']; // ---------------- SEND MAIL FORM ---------------- // send e-mail to ... $to=$email_to; // Your subject $subject="Your Tafe FTP Password"; // From $header="from: your name \<your email\>"; // Your message $messages= "Your password for login to the Orange Tafe IT Ftp Server is: $your_password \r\n"; // send email $sentmail = mail($to,$subject,$messages,$header); } // else if $count not equal 1 else { echo "Cannot find your email in our database"; } // if your email succesfully sent if($sentmail){ echo "Your Password Has Been Sent To Your Email Address."; } else { echo "Cannot send password to your e-mail address"; } ?> hello everyone, i try to make a registration script and change password script with PIN as security code, registration script was working perfect, but change password script didn't work. here i give a full code for you to review. here link to file Test.7z I hope someone can help and give me information what i'am missing. Hello PhP Freaks forum In the past weeks ive been trying to make a website, where you can register. Everything seems to work except my cherished Change password feature. Everytime you try to change the password, it just resets it to nothing. Here is the code below. <?php if(isset($_SESSION['username'])) { $username = $_SESSION['username']; $lastname = $_SESSION['lastname']; $firstname = $_SESSION['firstname']; $email = $_SESSION['email']; echo " <h4>Options for:</h4> $username <br /> <br /> First name: $firstname <br />Last name: $lastname <br /><br /><h3>Want to change your password:</h3><br /> <form action='?do=option' method='post'> Old password <input type='password' placeholder='Has to be between 5-15 digits' name='password' size='30' value='' /><br /> <br /> New Password<input type='password' placeholder='Has to be between 5-15 digits' name='newpass' size='30' value='' /><br /> <br /> Confirm new password <input type='password' placeholder='Has to be between 5-15 digits' name='passconf' size='30' value='' /><br /> <center></div><input type='submit' value='Submit'/></center></form>"; }else{ echo 'Please login to view your options!'; } $password = $_REQUEST['password']; $pass_conf = $_REQUEST['newpass']; $email = $_REQUEST['passconf']; $connect = mysql_connect("Host", "User", "Password"); if(!$connect){ die(mysql_error()); } //Selecting database $select_db = mysql_select_db("My Database", $connect); if(!$select_db){ die(mysql_error()); } //Find if entered data is correct $result = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'"); $row = mysql_fetch_array($result); $id = $row['id']; mysql_query("UPDATE users SET password='$newpass' WHERE username='$user'") ?> And i do know that i dont have a if(Empty($newpass)){ Die(Please fill out the new password) } Or any security on the others, but the problem just seems that it resets the password into nothing Hope i can get this fixed Best Regards William Pfaffe Hi there I'm a newbie to all of this so please be gentle! I am starting up my own online business and I am feeling my way through PHP. I have been doing ok so far but I'm having problems with the "change your password" function. I change the password, I receive a reactivation email, but when I try to log in with the new password it hasnt changed. Code I'm using as follows: <?php // process.php include 'config.php'; if(isset($_POST['changepassword'])) { $current = trim($_POST['current']); $new = trim($_POST['new']); $confirm = trim($_POST['confirm']); $pw = md5($current); $query = mysql_query("SELECT * FROM Users WHERE Password = '$pw' LIMIT 1") or die(mysql_error()); if(mysql_num_rows($query) > 0) { while($row = mysql_fetch_array($query)) { if ( $_POST['new'] == $_POST['confirm'] ) {}else{ echo '<script>alert("Your passwords were not the same, please enter the same password in each field.");</script>'; echo '<script>history.back(1);</script>'; exit; } $password = md5($new); $do = mysql_query("UPDATE Users SET Password = '$password' WHERE Password = '$pw' LIMIT 1") or die(mysql_error()); $dotwo = mysql_query("UPDATE Users SET Activated = 0 WHERE Password = '$password' LIMIT 1") or die(mysql_error()); $send = mail($row['Email'] , "Password changed" , "Your password has been changed to: ".trim($_POST['new'])."\n\nYou can change it again via the members only panel, but first you must re-activate your account:\nhttp://www.infinite-monkey.co.uk/activate.php?id=".$row['Actkey']."\n\nDo not reply to this email, it is automated. Thanks." , "From: auto@mailer.com"); if((($do)&&($dotwo)&&($send))) { echo '<script>alert("Password changed. You will now be logged out and you must re-activate your account, check your email, a confirmation email has been sent.");</script>'; echo '<script>location.replace("logout.php");</script>'; exit; } else { echo '<script>alert("There appears to have been an error in the script. 1 or 2 of 3 things may have happened:\n\n• Your password could have been reset/changed\n• Your account could have been deactivated, see the resend validation email page\n• Your email may not have been sent.\n\nYou will now be logged out, if you are not able to login, reset your password using the form, or resend the validation email to activate your account again.\n\nWe are sorry for the inconvenience.");</script>'; echo '<script>location.replace("logout.php");</script>'; exit; } } } else { echo '<script>alert("Incorrect password.");</script>'; echo '<script>history.back(1);</script>'; exit; hi i've been asked to create a change password form for a friends band website, and ive come up with this code (below) and im having trouble to get it to work, i have the Database connecting, (i am able to log users in), also im not sure if my IF statements are set up correctly. When i go to change password, it looks as if the page is just refreshing its self with no errors coming up. any help would be very appreciated Thanks in advance <?php session_start(); require("db_connect.php"); $username = $_POST['uname']; $password = $_POST['pword']; $npass = $_POST['nPass']; $cnpass = $_POST['cnPass']; $sql = "SELECT * FROM login_details WHERE username='$username' AND password='$password'"; $results = mysql_query($sql, $connect); $numofrows = mysql_num_rows($results); if ($numofrows == 0) { if ($npass == $cnpass) { $sql = "UPDATE login_details SET password='$npass' WHERE username='$username'"; header("Location: secure_page.php"); die(); } else { $_SESSION['error2']= "Passwords Do Not Match"; header("Location: change_pass.php"); die(); } } else { $_SESSION['error1']= "Icorrect Username Or Password"; header("Location: change_pass.php"); die(); } ?> Hi, I'm trying to change the password after logging in to web site. Following is the code that change the password. However, the password is not changing in the table. Please let me know if I'm making any error in below code. Thanks. Code: [Select] <?php $password=mysql_real_escape_string($_POST['newpassword']); $password2=mysql_real_escape_string($_POST['confirmnewpassword']); if ( strlen($password) < 5 or strlen($password) > 12 ){ echo "Password must be more than 5 char legth and maximum 12 char lenght<BR>"; } if ( $password <> $password2 ){ echo "Both passwords are not matching"; } if($password == $password2){ if(mysql_query("update users set password='$password' where empid='$_SESSION[login]'")){ echo "<font face='Verdana' size='2' ><center>Thanks <br> Your password changed successfully. Please keep changing your password every 2 monthsfor better security</font></center>"; } } Hi folks! Upon registering, my register script runs an md5 hash on the password. My problem is when the user wants to change passwords. currently I have a very simple profile, and when they edit it, it doesn't rehash the password- it simply replaces the entire hashed old password with the plain, new password. Any way I could get the script to rehash the password? editprofile.php <?php include('config.php'); include('header.php'); if($_SESSION['id']=="") { header("Location: YouMustLogInNotice.html"); } if(isset($_POST['btnedit'])){ $callname = $_POST['callname']; $email = $_POST['email']; $password = $_POST['password']; $sql = mysql_query( "UPDATE users SET callname='".$callname."', email='".$email."', password='".$password."' WHERE id='".$_SESSION['id']."'" ); if($sql){ echo "<script>alert('profile updated');window.location='myprofile.php?id=$userfinal'</script>"; }else{ echo "<script>alert('updating profile failed!');</script>"; } } $sql = mysql_query( "SELECT * FROM users WHERE id='".$_SESSION['id']."'" ); $row = mysql_fetch_array($sql); $user = $userfinal; echo "<td align=center> <div id=box> <table width='100%'> <tr> <td><h2>Edit profile</h2> <form method='post'> <table><tr><th>ID#:</th><td>".$user."</td></tr> <tr><th>Name:</th><td><input type='text' name='callname' value='".$row['callname']."'/></td></tr> <tr><th>Email:</th><td><input type='text' name='email' value='".$row['email']."'/></td></tr> <tr><th>Password:</th><td><input type='password' name='password' value='".$row['password']."'/></td></tr> <tr><th>Registered:</th><td>".$row['registered']."</td></tr> <tr><th>Last Login:</th><td>".$row['lastlogin']."</td></tr> </table><br /> <input type='submit' name='btnedit' value='update' class=button /> </form></div></td> </tr> </table> </td></tr> </table>"; ?> <?php include('footer.php'); ?> Hey all. I am new to this forum and to PHP as a whole. I though I would try to make a login system using php and mysql. The login and register forms work great but I cannot seem to fully figure out how to let a user change their password. My code partially works. When the user types the correct old password and when the two new password forms confirm, the password changes and the database is updated and the user is taken to a page that tells him that his password was successfully changed. However, the problem is when the old password he types is different than the one in the database, the page that states password successfully changed also appears but the password is not changed in the database. The problem is thus with the SELECT statement. Can anyone please help me find whats wrong. It has been tormenting for a few hours now. Thank you in advance. . I used md5 encryption for the passwords. Here is the section of code that comes after the script makes sure that none of the forms are empty and that the passwords confirm . //Create SELECT query to verify that the old password is correct $qry="SELECT * FROM members WHERE login='" . $_SESSION['SESS_USERNAME'] . "' AND passwd='".md5($_POST['opassword'])."'"; $result = mysql_query($qry); if($result) { //Create UPDATE query to replace old password with new password $updatepasswd="Update members set passwd='".md5($_POST['npassword'])."' where login='" . $_SESSION['SESS_USERNAME'] . "' AND passwd='".md5($_POST['opassword'])."'"; $update = mysql_query($updatepasswd); //Check whether the query was successful or not if($update) { header("location: changepasswordsuccess.php"); exit(); } else { die("Query failed"); } } else { header("location: passwordchange-failed.php"); } Hello ever1 , I ve created a php password change script with validation but its nt working properly can any1 please help me with this as m new with php???? below m pasting the code : <?php session_start(); include "connection.php"; //include_once('header1.php'); $msg=""; if($_SERVER['REQUEST_METHOD']=='POST' && empty($_POST['username']) || empty($_POST['password']) || empty($_POST['newpass']) || empty($_POST['newpassconfirm']) ) { $msg="empty fields"; } { $user=$_POST['username']; $pass=$_POST['password']; $newpass=$_POST['newpass']; $confirmpass=$_POST['newpassconfirm']; $result=mysql_query("SELECT password FROM user WHERE username='$user'"); if(!$result) { $msg="The Username You Entered Does not Exist"; } elseif($pass!= mysql_result($result,0)) { echo $msg="You Entered An Incorrect Password"; } if($newpass != $confirmpass) { $msg = "Passwords do not match"; } elseif($newpass=$confirmpass) $sql=mysql_query("update user set password='$newpass' where username ='$user'"); if($sql) { echo "Congrats you have successfully changed your password."; } header('refresh:3 databases.php'); } { ?> <html> <body> <?php echo $msg ; ?> <form class="changepass" action="changepass.php" method="POST"><P> <table><tr><td> Enter ur username :</td> <td> <input type="text" name="username" /></td></tr> <tr><td>Enter ur existing pass : </td><td><input type="password" name="password" /></td></tr> <tr><td>Enter ur new pass :</td> <td><input type="password" name="newpass" /></td></tr> <tr><td>Renter ur new pass :</td> <td><input type="password" name="newpassconfirm" /></td></tr> <tr><td><input class="cpassbtn" name="Submit" type="image" value="Submit" src="passnrm.png" onmouseover="this.src='passhvr.png'" onmouseout="this.src='passnrm.png'"></td></tr> </table> </form> </body> </html> <?php }?> I'm trying to let the users change their password, but everytime I try.. it just changes the password to what they type in whether or not the password they currently have is right or not.. x_x I have the password set as an MD5 so I'm guessing I have to select the password from the database as an MD5, but I don't know how to do that.. <?php include("logincheck.php"); $newpass = $_POST['newpass']; $username = $_SESSION['username']; $password = $_POST['password']; ?> <?php include_once("header.php"); ?> Welcome to your settings. This is where you can manage everything on your account! <br><br>----------<b>Change Password</b>---------- <form action="<?php echo $_SERVER['SCRIPT_NAME']?>" method="post"> <?php $type = "text"; echo " <p>Type your current password:<br> <input size='25' name='password' type='$type'></input></p> <p>Type your new password:<br> <input size='25' name='newpass' type='$type'></input></p> <p>Verification:<br> <img src='randomimage.php'><br> <input name='txtNumber' type='text' id='txtNumber' value=''> <br>"; ?> <input type="submit" name="changepass" value="submit" /> </form> <?php if (@$_POST['changepass']) { include("haha.php"); $cxn = mysqli_connect($dbhost,$dbuser,$dbpassword,$dbdatabase); $sql = "SELECT `password` FROM `Member` WHERE `username`='$username'"; $result = mysqli_query($cxn,$sql) or die("Query died: password"); if($result = $password) //password matches { $number = $_POST['txtNumber']; if (md5($number) == $_SESSION['image_random_value']) { $sql = "UPDATE Member SET password = md5('$newpass') WHERE username = '$username'"; mysqli_query($cxn,$sql) or die("Query died: update"); }}} ?> <?php include_once("footer.php"); ?> Having a little problem with passwords, they are stored clear text and not encrypted because its for an assignment and I need to prove in the write up that users can change their passwords. Anyway when I register a user with a username and a password of say Password1, I can still login with PASSword1 or any other variation of upper and lower case characters! This is my select statement: Code: [Select] $qry = "SELECT * FROM users WHERE username='$username' AND password='$password'"; Just wondering if there is anything that can be done to this, I read somewhere about using === but that doesn't seem to be fixing the problem, it just causes the query to fail! Using MySQL if thats any help. Thanks Hi, im having trouble with the below code which is used in case user forgets password. If i enter username and ANY email, it will send there "Username" and "Password". off course i just want it to be sent only to existing email in db. any ideas? Thank you. <? include("fns.php"); include "config.php"; if(isset($_POST['Submit'])){ //1. Check if form fields are filled in if(!filledin($_POST)){ header( "Location:Messages.php?msg=7" ); exit(); } $name=$_POST['name']; $em=$_POST['mail']; //2. Check if entered name exist $query="Select pw from user where uname='$name'" or die(mysql_error()); $result= mysql_query($query); if(mysql_num_rows($result)>0){ for ($i=0; $i<mysql_num_rows($result); $i++) { $row = mysql_fetch_assoc($result); $pass=$row['pw']; $to="$em\r\n"; $from="From: \r\n"; $msg="Password:$pass\r\n"; $msg .="Username:$name\r\n"; $msg .="Your login information\r\n"; $subject=" Your Login Password\r\n"; } }else{ header( "Location:Messages.php?msg=8" ); exit(); } //4. Send password to user if(mail($to,$subject,$msg,$from)){ header( "Location:Messages.php?msg=9&email=<?php echo $em; ?>" ); exit(); //echo "Please click here to log"; }else{ header( "Location:Messages.php?msg=10"); exit(); } } Hello Everyone, I have built a simple registration form shown below and Iam trying to get the users to have their passwords encrypted and then entered into my database. I am attempting to use md5 encryption. I have also attached the database connection script. My goal is when I check my database, I want to see the following: ( id, name, username, encrypted password ) The issue I have is that the form does not process completely. All I get this error (Error: Unknown column 'd8578edf8458ce06fbc5bb76a58c5ca4' in 'field list' ). Could some tell me or show me " What is it that needs to be corrected either in my Code or SQL insert and /or my Variables" to make this work correctly. I know that its probably a very, very simple fix... Im just stuck at this point. I really appreciate your help. thanks, mrjap1 Code: [Select] <?php error_reporting(0); if($_POST['submit']) { //Begining of full IF Statment $name = $_POST['name']; $username = $_POST['username']; $password = $_POST['password']; $confirm_password = $_POST['confirm_password']; // Encrypt Pasword $enc_password = md5($password); //$enc_password2 = md5($confirm_password); // Confirm All feild were filled out when submit button was pressed if($name && $username && $password && $confirm_password) { // Confirm that the NAME that you used is NOT greater than 30 characters if(strlen($name)>24) { echo "<h2><center>YOUR NAME IS TOO LONG!!!!</center></h2><br>"; } // Confirm that the USERNAME that you used is NOT greater than 10 characters if(strlen($username)>10) { echo "<h2><center>YOUR USERNAME IS TOO LONG!!!!</center></h2><br>"; } else { // Confirm that the PASSWORD that you used MATCH & Between 6 and 15 characters if(strlen($password)>10 || strlen($password)<6) { echo "<h2><center>YOUR PASSWORD MUST BE BETWEEN 6 and 15 CHARACTERS!!!!</center></h2><br>"; } if($password == $confirm_password) { // Database Connection required require "db_conncect.php"; // We Now connect to the Dabase and insert the Form input details //------- ### ENTERING ALL INFORMATION INTO THE DATABASE BELOW ### --------// // 1. Create a database connection $con = mysql_connect("localhost","root",""); // <-- THIS IS WHERE YOU " CAN CHANGE " THE USERNAME IS "root", PASSWORD IS "" ONLY. if (!$con) { die('Database connection failed could not connect: ' . mysql_error()); } // 2. Select a database to use $db_select = mysql_select_db("registernow_2012",$con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE. if (!$db_select) { die('Database selection failed could not connect: ' . mysql_error()); } mysql_select_db("registernow_2012", $con); // <-- THE "registernow_2012" IS THE NAME OF THE DATABASE TO BE CONNECTED. // <-- THE `registernow_2012` IS THE NAME OF THE DATABASE TO BE CONNECTED.... `visitors` IS THE TABLE WITH ALL THE FIELDS WITHI IN THE DATABASE. $sql="INSERT INTO `registernow_2012`.`users` ( `id` , `name` , `username` , `$enc_password` , `confirm_password` ) VALUES ( NULL , '$_POST[name]', '$_POST[username]', '[$enc_password]', '$_POST[confirm_password]' )"; if (!mysql_query($sql,$con)) { die('Error: ' . mysql_error()); } // 3. Close Connection mysql_close($con); header("Location: index.php"); // <-- THIS IS WHERE YOU CAN CHANGE THE "Location: Thank you / Index page" of the THANK YOU PAGE. } else { echo "<h2><center>PASSWORDS MUST MATCH!!!!!</center></h2><br>"; } } //echo "<h2><center>WORKING!!!!</center></h2>"; } else echo "<h2><center>ALL FEILDS MUST BE COMPLETED</center></h2>"; } //Ending of full IF Statment ?> <!DOCTYPE html> <html lang='en'> <head> <title>THE FORM MY WAY NOW</title> </head> <div id='centerstage'> <form name="myform" action="workingitoutproperly.php" method="POST"> <p> <label>Name</label><br> <input type='text' name='name' value=''><br> <label>UserName</label><br> <input type='text' name='username' value=''><br> <label>Password</label><br> <input type='password' name='password' value=''><br> <label>Re-Enter Password</label><br> <input type='password' name='confirm_password' value=''><br> <br> <input type='submit' name='submit' value='REGISTER NOW!!'> </p> </form> </div> </html>
<?php
if (isset($_POST['reset-submit'])) {
$selector = $_POST['selector'];
$validator = $_POST['validator'];
$password = $_POST['password'];
$password2 = $_POST['password2'];
// probably better to check this earlier
if (empty($password) || empty($password2)) {
header("Location: ../create-new-password.php?newpassword=empty&selector=$selector&validator=$validator");
} elseif ($password !== $password2) {
header("Location: ../create-new-password.php?newpassword=passwordsnotmatch");
}
$currentDate = date("U");
require "dbh.inc.php";
$sql = "SELECT * FROM reset_password WHERE selector=? AND expires >= $currentDate";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error 1";
exit();
} else {
mysqli_stmt_bind_param($stmt, 'ss', $selector, $currentDate);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (!$row = mysqli_fetch_assoc($result)) {
echo 'You need to re-submit your reset request.';
exit();
} else {
$tokenBin = hex2bin($validator);
$tokenCheck = password_verify($tokenBin, $row['token']);
if (!$tokenCheck) {
echo 'You need to re-submit your reset request.';
exit();
} else {
$email = $row['email'];
$sql = "SELECT * FROM users WHERE email = $email";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error 2";
exit();
} else {
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (!$row = mysqli_fetch_assoc($result)) {
echo "SQL error 3";
exit();
} else {
$sql = "UPDATE users SET password=? WHERE email=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo "SQL error4 ";
exit();
} else {
$hashed_password = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, 'ss', $hashed_password, $email);
mysqli_stmt_execute($stmt);
$sql = 'DELETE FROM reset_password WHERE email=?';
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
echo 'SQL error5';
exit();
} else {
mysqli_stmt_bind_param($stmt, 's', $email);
mysqli_stmt_execute($stmt);
header("Location: ../signup.php?newpassword=updated");
}
}
}
}
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
header('Location: ../reset-password.php?reset=success');
} else {
header('Location: ../index.php');
}
I always get this errors:
Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in C:\xampp\htdocs\php_login_system-master\includes\reset-password.inc.php on line 26
But i dont find the mistake in the Code. Can someone help me please This topic has been moved to Application Design. http://www.phpfreaks.com/forums/index.php?topic=353345.0 <?php
require_once('upper.php'); require_once('database.php'); echo $error_msg=''; if(isset($_POST['submit'])) { $LoginId=mysqli_real_escape_string($dbc,trim($_POST['LoginId'])); $Password1=mysqli_real_escape_string($dbc,trim($_POST['Password1'])); $Password2=mysqli_real_escape_string($dbc,trim($_POST['Password2'])); $Name=mysqli_real_escape_string($dbc,trim($_POST['Name'])); $Age=mysqli_real_escape_string($dbc,trim($_POST['Age'])); $BloodGroup=mysqli_real_escape_string($dbc,trim($_POST['BloodGroup'])); if(!isset($_POST['Sex'])) { echo 'Please enter Sex<br>'; } else{ $Sex= mysqli_real_escape_string($dbc,trim($_POST['Sex'])); } $Qualification=mysqli_real_escape_string($dbc,trim($_POST['Qualification'])); $ContactNumber=mysqli_real_escape_string($dbc,trim($_POST['ContactNumber'])); $Email=mysqli_real_escape_string($dbc,trim($_POST['Email'])); $Address=mysqli_real_escape_string($dbc,trim($_POST['Address'])); $AboutYourself=mysqli_real_escape_string($dbc,trim($_POST['AboutYourself'])); //$countCheck=count($_POST['checkbox']); //echo $countCheck; //$checkbox=$_POST['checkbox']; //$countCheck=count($checkbox); if(empty($LoginId)){echo 'Please enter Login Id';} elseif(empty($Password1)){echo 'Please enter Password';} elseif(empty($Password2)){echo 'Please confirm Password';} elseif($Password1!==$Password2){echo 'Password didn\'t match';} elseif(empty($Name)){echo 'Please enter Name';} elseif(empty($Age)){echo 'Please enter Age';} elseif(!isset($_POST['Sex'])){} elseif(empty($Qualification)){echo 'Please enter Qualification';} elseif(empty($ContactNumber)){echo 'Please enter Contact Number';} elseif(empty($Email)){echo 'Please enter Email';} elseif(empty($Address)){echo 'Please enter Address';} elseif(empty($AboutYourself)){echo 'Please enter About Yourself';} elseif(!isset($_POST['checkbox'])){ echo 'You have to register at least one activity.';} elseif(!isset($_POST['TermsAndConditions'])){ echo 'You have to agree all Terms and Conditions of Elite Brigade.';} else { require_once('database.php'); $query="select * from registration where LoginId='$LoginId'"; $result=mysqli_query($dbc,$query); if(mysqli_num_rows($result)==0) { $checkbox=$_POST['checkbox']; $countCheck=count($_POST['checkbox']); $reg_id=' '; for($i=0;$i<$countCheck;$i++) { $reg_id=$reg_id.$checkbox[$i].','; $query="insert into activity_participation (LoginId,Title,Date) values ('$LoginId','$checkbox[$i]',CURDATE())"; $result=mysqli_query($dbc,$query) or die("Not Connected"); } $query="insert into registration (LoginId,Password,Name,Age,BloodGroup,Sex,Qualification,ContactNumber,Email,Address,AboutYourself,Activity)values ('$LoginId'[B],SHA('$Password1'),[/B]'$Name','$Age','$BloodGroup','$Sex','$Qualification','$ContactNumber','$Email','$Address','$AboutYourself',',$reg_id')"; $result=mysqli_query($dbc,$query) or die("Not Connect"); echo ' Dear '.$Name.'.<br>Your request has been mailed to admin.<br>Your account is waiting for approval<br>'; $from= 'Elite Brigade'; $to='ankitp@rsquareonline.com'; $subject='New User Registration'; $message="Dear admin,\n\nA new user request for registration. Please check it out.\n\nRegards\nMicro"; mail($to,$subject,$message,'From:'.$from); //header('Location: index.php'); // header('Location: Registration.php'); } else { echo 'Dear '.$Name. ', <br> An account already exist with login-id<b> '.$LoginId.'</b> <br>Please try another login-id'; }} } ?> <html> <head> <script src="jquery-latest.js"></script> <script type="text/javascript" src="jquery-validate.js"></script> <style type="text/css"> * { font-family: Verdana; } label.error { color: white; padding-left: .5em; } p { clear: both; } .submit { margin-left: 12em; } em { font-weight: bold; padding-right: 1em; vertical-align: top; } </style> <script> $(document).ready(function(){ $("#commentForm").validate(); }); </script> </head> <body> <?php echo $error_msg; ?> <form action='<?php echo $_SERVER['PHP_SELF'];?>' id="commentForm" method='post'> <div class="registration_and_activity"> <table border="0" width="380"> <tr><td colspan="2"> <h3>New User?</h3></td></tr> <tr><td width="120"> <em>*</em>Enter Login id</td><td width="150"><input type='text' name='LoginId' minlength="4" value='<?php if(!empty($LoginId))echo $LoginId;?>' /></td></tr> <tr><td> <em>*</em>Enter Password</td> <td><head> <div id="divMayus" style="visibility:hidden">Caps Lock is on.</div> <SCRIPT language=Javascript> function capLock(e){ kc = e.keyCode?e.keyCode:e.which; sk = e.shiftKey?e.shiftKey:((kc == 16)?true:false); if(((kc >= 65 && kc <= 90) && !sk)||((kc >= 97 && kc <= 122) && sk)) document.getElementById('divMayus').style.visibility = 'visible'; else document.getElementById('divMayus').style.visibility = 'hidden'; } </SCRIPT> </HEAD> <input onkeypress='return capLock(event)' type='password' name='Password1' value='<?php if(!empty($Password1))echo $Password1;?>' /></td></tr> <tr><td> <em>*</em>Confirm Password</td><td><input type='password' name='Password2' value='<?php if(!empty($Password2))echo $Password2;?>' /></td></tr> <tr><td width="120"> <em>*</em>Enter Name</td> <td><input type='text' name='Name' value='<?php if(!empty($Name))echo $Name;?>' /></td></tr> <tr><td> <em>*</em>Enter Age</td><HEAD> <SCRIPT language=Javascript> function isNumberKey(evt) { var charCode = (evt.which) ? evt.which : event.keyCode if (charCode > 31 && (charCode < 48 || charCode > 57)) return false; return true; } </SCRIPT> </HEAD> <td><INPUT onkeypress='return isNumberKey(event)' type='text' name='Age' value='<?php if(!empty($Age))echo $Age;?>'/></td></tr> <tr><td> <em>*</em>Enter Blood</td><td><input type='text' name='BloodGroup' value='<?php if(!empty($BloodGroup))echo $BloodGroup;?>' /></td></tr> <tr><td> <em>*</em>Enter Sex</td><td><input type='radio' name='Sex' style='width:16px; border:0;' 'value='Male' />Male <input type='radio' name='Sex' style='width:16px; border:0;' 'value='Female' />Female</td></tr> <tr><td> <em>*</em>Enter Qualification</td><td><input type='text' name='Qualification' value='<?php if(!empty($Qualification))echo $Qualification;?>' /></td></tr> <tr><td> <em>*</em>Contact Number </td><td><input onkeypress='return isNumberKey(event)'type='text' name='ContactNumber' value='<?php if(!empty($ContactNumber))echo $ContactNumber;?>' /></td></tr> <tr><td> <em>*</em>Enter Email</td><td><input type='text' name='Email'class="email" value='<?php if(!empty($Email))echo $Email;?>' /></td></tr> <tr><td> <em>*</em>Enter Address</td><td><input type='text' name='Address' value='<?php if(!empty($Address))echo $Address;?>' /></td></tr> <tr ><td > <em>*</em>About Yourself </td></tr> <tr><td colspan="2"><textarea rows='10' cols='40' name='AboutYourself' /><?php if(!empty($Address))echo $Address;?></textarea></td></tr> <tr><td> <?php echo" <tr><td colspan='2'><em>*</em><b>Select fields for which you want to register</b></td></tr>"; require_once('database.php'); $query="select * from activity"; $result=mysqli_query($dbc,$query); while($row=mysqli_fetch_array($result)){ $Title=$row['Title']; $ActivityId=$row['ActivityId']; echo "<tr><td>$Title</td>"; echo "<td><input type='checkbox' name='checkbox[]' value='$Title' style='width:14px; text-align:right;'/></td></tr>";//value=$ActivityId tells ActivityId variable extracts with name="checkbox" echo "<br/>"; } echo "<td><em>*</em><input type='checkbox' name='TermsAndConditions' style='width:14px; text-align:right;'/></td><td> I agree all <a href='TermsAndConditions.php'>Terms and conditions </a>of Elite Brigade</td></tr>"; echo "<tr><td colspan='2' align='center'><input type='submit' value='Register' name='submit' style='background:url(./images/button_img2.png) no-repeat 10px 0px; width:100px; padding:3px 0 10px 0; color:#FEFBC4; border:0;'/></td></tr><br>"; echo " </td></tr></table> </div> </form> </body> </html>"; require_once('lower.php'); ?> Hi Friends .... I encrypt user password by SHA('$Password') method but now i want to add "Forget Password Module" for which I need to decrypt it first before tell my user but I don't Know how to decrypt it. Please help me........ I wrote a bunch of code just to realize that there's a huge security hole in my script. Here's a how I've built it: 1. first you enter the new email address into the input box and click submit 2. an email gets sent to you where you have to click on an activation link to confirm the change, and of course the email gets send to the inbox to make sure it's a valid email the activation link looks as follows: Code: [Select] http://localhost/changeemail_confirm.php?id=$dbuser_id&email=$user_email The dbuser_id gets taken from the session variable, and the user email is the new entered user email. 3. After clicking the link you get directed to an activation page, I thought about letting the user enter his password and letting it match with the password in the database as added security, so he can't just change the user_id in the link so that the email of another user gets changed. the query on the activation page looks like this: "UPDATE user SET email = '$user_email' WHERE nickname = '$dbuser_name' AND WHERE user_id = '$id'"; The $id is being taking from the activation link per GET, and the $dbuser_name is being taking from the session variable. And now this is the problem where I'm stuck, even though I've added a bunch of security, and even the necessary to enter a password there's still a major security hole, which is the user can easily change the email in the activation link to something else, something that is not a valid email. E.g. this Code: [Select] http://localhost/changeemail_confirm.php?id=35&email=mail@phpmail.local can become to this, when the user manually edits the url and pastes it into his browser: Code: [Select] http://localhost/changeemail_confirm.php?id=35&email=MAIL@ANYTHING.com How can I prevent this, is there any way I could tell the script the CONFIRMED and VALID email, with a more secure way? BTW this script works as it is, it's just that the user can manually change the email to something else what makes this script worthless for now. Hello everyone. I have a problem with the local server (localhost connection). Until yesterday I used an old version of XAMPP's (version 1.6.4 with PHP 5.2.4) and last night I finally found the time to install XAMPP 1.7.3 with PHP 5.3.1. But some things that I worked under the old XAMPP-om, which are working perfectly now no longer work, and I do not know why. Please find enclosed pics that were under php4 and that now works. So I wonder where is the error and where possible errors. Also under my new PHP-om non-stop is done refresh the page and print portions of the code (as you can see from the picture). I am enable short tags support in php.ini. Thank you. PHP 5.3.1 PHP 5.2.4 |
|||||||