I have the following code,I have created a form for attemting a scheme of changing the password for the user. i have hashed my password and stored it in the database. Now in the database it looks like, "980a3a0b40df9a1". Whenever i enter the changed password in the form it throws an error of in-correction. I have to enter the complete hashed password for it. I want to know how can i get the unhashed passwords for form?
<?php
session_start();
include_once("../includes/connection.php");
$msg = '';
//posting variables!
if(isset($_POST['old_password']) && isset($_POST['n_password']) && isset($_POST['new_password'])){
$old_pass = mysql_real_escape_string($_POST['old_password']);
$password = mysql_real_escape_string($_POST['n_password']);
$new_pass = mysql_real_escape_string($_POST['new_password']);
//defining session variable
if (isset($_SESSION['user_name'])){
$username = $_SESSION['user_name'];
// Passing and reading up the password
$query_pass = "SELECT * ";
$query_pass .= "FROM users ";
$query_pass .= "WHERE user_name = '".$_SESSION['user_name']."' ";
$query_pass .= "LIMIT 1";
$result_set = mysql_query($query_pass) or die(mysql_error());
$pass_rows = mysql_num_rows($result_set) or die (mysql_error());
//reading elements row by row.
//$pass_set = mysql_fetch_array($pass_rows);
while ($pass_set = mysql_fetch_array($result_set)){
$pass_set['user_id'];
$pass_set['user_name'];
$pass_set['user_pass'];
// validating.
if(empty($old_pass)|| empty($password)|| empty($new_pass)){
$msg = "ALL THE FIELDS ARE REQUIRED";
}
else if ($pass_set['user_pass']!=$old_pass)
{
$msg = "PASSWORD DID'NT MATCH!";
}
else if ($password != $new_pass)
{
$msg = "NEW PASS DID'NT MATCH!";
}
else if ($new_pass == $old_pass)
{
$msg = "CAN NOT MATCH THE OLD PASSWORD";
}
else
{
//if the password is accepted than hashing it.
$salt = time();
$hashedPassword = sha1($new_pass . $salt);
//updating the hashed password.
$change_pass = "UPDATE users ";
$change_pass .= "SET user_pass = '".$hashedPassword."' ";
$change_pass .= "WHERE user_name = '".$_SESSION['user_name']."' ";
$change_pass .= "LIMIT 1 ";
$pass_query = mysql_query($change_pass) or die (mysql_error());
//checking query
if ($pass_query)
{
$msg = "Password Changed";
}
else
{
$msg = "Invalid";
}
}
}
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Example form</title>
<style type="text/css">
.container1 {
width: 500px;
clear: both;
}
.container1 input {
width: 100%;
clear: both;
}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>Change Password</title>
</head>
<body>
<div id="container">
<div id="header">
<h1 style="text-align:left">Quality Management<span class="off"> Cell</span></h1>
</div>
<div id="menu">
<ul>
<li class="menuitem"><a href="cms.php">Home</a></li>
<li class="menuitem"><a href="cms-attendance.php">Attendance</a></li>
<li class="menuitem"><a href="cms-courses.php">Courses</a></li>
<li class="menuitem"><a href="cms-settings.php">Settings</a></li>
</ul>
<a style="text-align:right" href="cms-logout.php">Logout</a>
</div>
</div>
<div id="content" align="justify">
<div id="content_top"></div>
<div id="content_main">
<div id="wrapper">
<?php
$current_page = $_SERVER['PHP_SELF'];
?>
<form class="login-form" method ="post" action="<?php echo $current_page; ?>">
<label for="password">Old Password:</label>
<input name="old_password"/><br /><br />
<label for="password">New Password:</label>
<input name="n_password"/><br /><br />
<label for="password">Confirm new Password:</label>
<input name="new_password"/><br />
<p>
<br />
<input class="button" name="submit" type="Submit" value="Done"/>
</form>
<?php echo $msg;?>
<p> </p>
<p> </p>
<div id="content_bottom"></div>
</div>
</div>
</body>
</html>
