Request Password Change (PHP+MYSQL)

Question

Hasan_10 0 Newbie Poster

5 Years Ago

Hello i have this form and my php code skills not very good if someone make change password I would be glad thank you

<div class="col-lg-9">
                <div class="nk-box-3 bg-dark-1">
                    <form class="change-password" method="post" action="">
                        <input type="password" class="form-control input-change-password" name="opass" id="opass" placeholder="Old Password">
                        <div class="nk-gap-1"></div>
                        <input type="password" class="form-control input-change-password" name="npass" id="npass" placeholder="New Password">
                        <div class="nk-gap-1"></div>
                        <input type="password" class="form-control input-change-password" name="cnpass" id="cnpass" placeholder="Repeat New Password">
                        <div class="nk-gap-1"></div>                        
                        <button type="Update" class="nk-btn link-effect-4 ready"><span class="link-effect-inner"><span class="link-effect-l"><span>Change password</span></span><span class="link-effect-r"><span>Change password</span></span><span class="link-effect-shade"><span>Change password</span></span></span></button>
                    </form>
                </div>
            </div>

mysql php

3 Contributors
12 Replies
2K Views
4 Days Discussion Span
Latest Post 5 Years Ago Latest Post by Dani

Dani 4,329 The Queen of DaniWeb

5 Years Ago

You need to provide some more information in order for us to be able to help you. I see here you are giving us an HTML form that asks a user for an old password, and to enter a new password twice. I understand what you want to do is update the password in the database, when the form is submitted. However, you are giving no insight to what your PHP application code currently looks like, what database you're using, how passwords are stored in the database, etc.

Basically the steps that would be involved would be:

Retrieve the old password from the form
Check to see if the new password and repeat new password fields are the same
If they aren't a match, show an error that the passwords are not the same
If they are a match, compare the old password to the encrypted password for the user in the database
If they aren't a match, show an error that the old password is incorrect
If they are a match, encrypt the new password and overwrite the encrypted password field in the database

Now, how that algorithm actually gets translated into PHP code has a lot to do with what PHP framework (if any) you're using, what database you're using, what library you're using to connect to the database, the database schema, etc.

Dani 4,329 The Queen of DaniWeb

5 Years Ago

OK, so you're connecting to MySQL via PDO. I'm personally not familiar with PDO. Is there a reason you're not using something like MySQLi?

It seems as if you don't have very much experience at all with web development. Did you write this PHP yourself? Where is your PHP code to log in? Your database schema? Is this part of a larger PHP application?

Hasan_10 commented: . +0

Dani 4,329 The Queen of DaniWeb

5 Years Ago

So it looks like you are storing passwords in plain text in the database. NEVER. EVER. DO. THIS. It is incredibly insecure. Please look into PHP's password_hash() function.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

rproffitt 2,662 "Nothing to see here." Moderator · Answer 1 · 2019-04-07T21:55:04+00:00

I'm unsure if you are applying yourself here. Given https://www.google.com/search?q=PHP+PASSWORD+CHANGE+EXAMPLES&gl=US are plentiful I worry that you are not doing much research.

That aside, there are a lot of BAD EXAMPLES out there that teach password storage in insecure ways. Now your code does not reveal the usual problem where passwords are stored in the clear but if you ever find some code where the password is stored in a database then you found a bad exxample.

https://www.google.com/search?q=how+to+store+passwords+for+your+website&gl=US finds articles on that subject.

Hasan_10 0 Newbie Poster · Answer 2 · 2019-04-09T17:06:53+00:00

sorry my english not very well here is my config files

<?php

 $host = "localhost";
 $user = "root";
 $pass = "";
 $dbname = "conquer";

 try{

  $con = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8",$user,$pass);
  $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

 }catch(PDOException $ex){

  die($ex->getMessage());
 }

using accounts table i have no encryption password

Hasan_10 0 Newbie Poster · Answer 3 · 2019-04-11T19:19:11+00:00

yes i dont have very much experience code php. And yes i write myself this php just buy html template. my website just for test http://www.siriusclassic.xyz

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 4 · 2019-04-11T19:20:49+00:00

So I’m confused. You’re asking for help writing the PHP code that can be used to do a lost password reset, but you don’t have code for a signup or login?

Hasan_10 0 Newbie Poster · Answer 5 · 2019-04-11T19:32:24+00:00

i have everything done login register just i cant make password change

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 6 · 2019-04-11T19:39:23+00:00

That’s the thing. We need to see your register and login code in order to give you the code for password change.

Otherwise, without it, the best we can offer us the pseudo code I provided in my first reply above.

Hasan_10 0 Newbie Poster · Answer 7 · 2019-04-11T19:48:10+00:00

<?php
require('config.php');
session_start();
$username=htmlspecialchars(trim($_POST['username']));
$email=htmlspecialchars(trim($_POST['email']));
$password=htmlspecialchars(trim($_POST['password']));
$name=htmlspecialchars(trim($_POST['name']));

if($_POST['type'] == 'register') {

    $user = $con->query("SELECT * FROM accounts WHERE username = '{$username}'")->fetch(PDO::FETCH_ASSOC);
    if ( $user){
        echo json_encode(array(
            'success' => false,
            'error' => 'The username is already in use.'
        ));
    } else {
        $query =  $con->prepare("INSERT INTO accounts SET
        username = ?,
        email = ?,
        password = ?,
        name = ?");
        $insert = $query->execute(array(
             $username, $email, $password, $name
        ));
        if($insert) {
            $_SESSION['username'] = $username;
            echo json_encode(array(
            'success' => true
            ));
        }
    }
}

if($_POST['type'] == 'logout') {

    unset($_SESSION['username']);
    session_destroy();
     echo json_encode(array(
            'success' => true
            ));
}
if($_POST['type'] == 'login') {
    $user = $con->query("SELECT * FROM accounts WHERE password = '{$password}' AND username = '{$username}'")->fetch(PDO::FETCH_ASSOC);
    if($user) {
        $_SESSION['username'] = $username;
        echo json_encode(array(
        'success' => true
        ));
    } else {
         echo json_encode(array(
        'success' => false,
        'error' => 'Invalid username Or Wrong Password.'
        ));
    }
}

?>

here sorry :))

Hasan_10 0 Newbie Poster · Answer 8 · 2019-04-11T20:22:13+00:00

Hasan_10 0 Newbie Poster

5 Years Ago

thank you

Dani 4,329 The Queen of DaniWeb Administrator Featured Poster Premium Member · Answer 9 · 2019-04-11T20:49:22+00:00

I see you marked this thread as solved. Do you still need help with code to change password? I suggest you begin by using the password_hash() function for joining and logging in, and then use the pseudocode I provided. Let us know if you need more assistance.