CODEWITHSUNDEEP
phpmysqlpasswords
Theo
Theo

Reputation: 3139

Update password with php/mysql

Yesterday I have posted some code asking how the user can update a password through a form. Look here

However after updating the password, I couldn't login though my android app. So I decided to change a bit the forgotpassword.php file. 

<?php
session_start();
require "../init.php";
ini_set('display_errors', 1);



if(isset($_POST['update'])){


    $email = $_POST['email'];
    $user_name = $_POST['user_name'];
    $password = $_POST['user_pass'];
    $passwordEncrypted = sha1($user_pass); 

    $confpassword = $_POST['confirm_pass'];
    $confPasswordEncrypted = sha1($confirmPass);  

    if($password !== $confpassword){
       echo "<script>alert('Passwords are not equal')</script>";
    }else{
        $select_query = "SELECT * FROM user_info";

        $run_select_query = mysqli_query($con,$select_query); 

        while ($row_post=mysqli_fetch_array($run_select_query)){

              $_SESSION['id'] = $row_post['id'];
              $user_id = $_SESSION['id'];
              $useremail = $row_post['email'];
              $username = $row_post['user_name'];

              var_dump($user_id);

            if($useremail == $email AND $username == $user_name){
                //echo "<script>alert('$useremail')</script>";
                //echo "<script>alert('$username')</script>";
                echo "<script>alert('$id')</script>";
                $update_posts = "UPDATE user_info SET user_pass='$passwordEncrypted',confirm_pass ='$confPasswordEncrypted'  
                WHERE $id='$_userid'";  

                $run_update = mysqli_query($con,$update_posts); 
                //var_dump($user_name);
            echo "<script>alert('Password Has been Updated!')</script>";
            }else{
             echo "<script>alert('No email or username was found')</script>";
            }

        }

    }

}
?>

But now the password is not updated as it was before. There is something wrong in the update statement or a line before that. The $_SESSION['id'] is not null so the select query works fine.

Any ideas?

Thanks.

Upvotes: 0

Views: 8373

Answers (4)

Theo
Theo

Reputation: 3139

Ok. I have changed the code and made it work. So this is what I am doing.

1) I run a select query to check if the user is already registered. If yes then update the password and send a new one in his email.

2) If not then you get a json response in my android app saying that the user email is not found.

3) And finally the user can login with his updated 5 digit password:).

<?php
 require "init.php";
 $email = $_POST['email'];



  if($email){
        $select_query = "SELECT * FROM user_info";

        $run_select_query = mysqli_query($con,$select_query); 

        while ($row_post=mysqli_fetch_array($run_select_query)){

            $id = $row['id'];
            $usermail = $row_post['email'];
            $username = $row_post['user_name'];



        }
            if($usermail == $email){
                $don = array('result' =>"success","message"=>"user mail found.");

                $random = rand(72891, 92729);
                $new_pass = $random;

                $email_password = $new_pass;
                $new_pass = sha1($new_pass);

                $update_pass = "update user_info set user_pass='$new_pass',confirm_pass='$new_pass' where user_name='$username'";

                $run_update = mysqli_query($con,$update_pass); 


                    $subject = "Login information";

                    $message = "Your password has been changed to $email_password";

                    $from = "From: [email protected]";

                    mail($email,$subject,$message,$from);

                $don = array('result' =>"success","message"=>"your password has been updated. Please check your email");



            }else{
                $don = array('result' =>"fail","message"=>"user mail not found.");
            }
        }else{
            $don = array('result' =>"fail","message"=>"please enter your email");
        }

   echo json_encode($don);
?>

Upvotes: 0

Muhammad Hasham
Muhammad Hasham

Reputation: 45

Your update query should be like this :

$update_posts = "UPDATE user_info 
    SET
           user_pass='$passwordEncrypted',
           confirm_pass ='$confPasswordEncrypted' 
    WHERE id = $user_id";

Upvotes: 1

Dipanwita Kundu
Dipanwita Kundu

Reputation: 1667

Update your select query:

$select_query = "SELECT * FROM user_info where email = '".$email."' and user_name = '".$username."' ";

and then check if mysqli_num_rows(). If it > 0 then only execute the update query & put the data in the session.

Also your update query is not proper.It should be : 

$update_posts = "UPDATE user_info SET user_pass='$passwordEncrypted',confirm_pass ='$confPasswordEncrypted'  
                WHERE $id='$userid'";

Upvotes: 1

Pathik Vejani
Pathik Vejani

Reputation: 4491

typo in where clause. WHERE $id='$_userid'";

change update query's where clause to this: WHERE $id='$user_id'";

Upvotes: 3

Related Questions