Password renewal system

0

My question is that I'm trying to do a password reset system.

[Current Password] [ New password ] [Change]

Well, the code is below

settings.php

<?php

 require_once('assets/system/core.php');

     if (isset($_POST['password'])) {

    $password = mysqli_query($db, "SELECT * FROM users WHERE password = 'password'");

    if ($password->num_rows > 0) {
            while($row = $password->fetch_assoc()) {
                $userid = $row["id"];
            }
        }
    elseif(mysqli_num_rows($password) == 0)
    {
        echo '<div id="alert-error">Senha está incorreta!</div>';
        $passerror = true;
    }
}

     if (isset($_POST['npassword'])) {

    $npassword = mysqli_query($db, "UPDATE users SET password='".$_POST['npassword']."' WHERE username='".$_SESSION['loginuser']."'");

    {
        echo '<div id="alert-green">Você foi registrado corretamente!</div>';
    }
}

    echo '
    <div class="wrapper-me">
        <div class="right-content" style="margin-left: 5px">
            <div id="box" style="min-height: 400px;  max-height: 1200px;">
                <div id="blue-title" style="background: #27ae60; border: 1px solid #27ae60">
                    <h1 id="title-config">Alterar minha senha</h1>
                    <i style="color:#e0e0e0;" class="ion-edit"></i>
                </div>
                <div id="content-config" style="height: auto;">
                    <form action="" method="post" autocomplete="off">
                    <input type
                      <input type="password" name="password" placeholder="Senha atual" class="button-contn1"/>
                       <input type="password" name="npassword" placeholder="Nova senha" class="button-contn1"/>
                      <input type="submit" value="Continuar" class="button-contn">
                    </form>
                    </div> '


    ?>

I don't know what the error is. It is changing the password, but it is not really confirming whether the current password is actually the one in the database.

Please, if anyone could help me, I would appreciate it.

    
asked by anonymous 22.09.2016 / 14:22

2 answers

1

Good morning, I see some very wrong points in what you did. The worst thing is that, the way it was programmed, if there are 2 equal passwords it will cause a problem.

I believe it should work as follows, I will post the code here and you will adapt if necessary.

We assume that the person is logged in and that you stored their id in a session, or that you made them enter their login somewhere as well.

form.php

<div class="wrapper-me">
    <div class="right-content" style="margin-left: 5px">
        <div id="box" style="min-height: 400px;  max-height: 1200px;">
            <div id="blue-title" style="background: #27ae60; border: 1px solid #27ae60">
                <h1 id="title-config">Alterar minha senha</h1>
                <i style="color:#e0e0e0;" class="ion-edit"></i>
            </div>
            <div id="content-config" style="height: auto;">
                <form action="valida.php" method="post" autocomplete="off">
                    <input type
                    <input type="password" name="password" placeholder="Senha atual" class="button-contn1"/>
                    <input type="password" name="npassword" placeholder="Nova senha" class="button-contn1"/>
                    <input type="submit" value="Continuar" class="button-contn">
                </form>
            </div>
        </div>
    </div>
</div>

valida.php

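<?php

// Provides $db (the mysqli connection), as settings.php in the question does
require_once('assets/system/core.php');

if(!empty($_POST['npassword']) && !empty($_POST['password'])){
    // Build a single UPDATE that only matches when the username and the current password (MD5) both match
    $sql = "UPDATE users SET password='".md5($_POST['npassword'])."' WHERE username='".$_SESSION['loginuser']."' AND password='".md5($_POST['password'])."'";
    mysqli_query($db,$sql);
    // An affected row means the current password matched and the new one was stored
    if(mysqli_affected_rows($db)>0){
        echo "Senha alterada";
    } else {
        echo "Sua senha atual não coincide!";
    }
} else {
    echo "Ambos campos de senha devem estar preenchidos";
}

?>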

Any questions, just let me know ^^

    
22.09.2016 / 14:55
1

Friend, your logic had some problems, but I tried to reuse as much of what you wrote as possible to avoid confusing you. The code even ended up somewhat ugly, but the intention is for you to understand it and then improve on it.

The code is following this cycle below:

  • Checks if the fields are not empty
  • Encrypts the passwords that came via POST in MD5
  • Gets the database user with the entered data
  • Checks if the old password is not equal to the current one
  • Updates the user with the new password and prints the success screen

Commented code below

<?php

require_once('assets/system/core.php');

// Check that the current password and new password fields are not empty
if (!empty($_POST['npassword']) && !empty($_POST['password'])) {

    $pass = md5($_POST['password']);   // current password
    $npass = md5($_POST['npassword']);   // new password

    // I'm using the loginuser that you saved in the session.
    $npassword = mysqli_query($db, "SELECT * FROM users WHERE password = '$pass' and username = '".$_SESSION['loginuser']."'");

    // Check whether a user was found with the loginuser value saved in the session and the current password they typed
    if (mysqli_num_rows($npassword) > 0) {
        // check that the new password is not the same as the current one
        if ($pass != $npass ) {
            // if the update succeeds, print the success message! (I recommend using an ID if this username is not a primary key - PK)
            if ($password = mysqli_query($db, "UPDATE users SET password='".$npass."' WHERE username='".$_SESSION['loginuser']."'")) {
                echo '<div id="alert-green">Senha alterada com sucesso!</div>';
            }
            else {
                  echo '<div id="alert-error">Algum problema foi encontrado e sua senha não foi alterada!</div>';
            }
        }
        else {
             echo '<div id="alert-error">Senha atual é igual a senha antiga!</div>';
        }
        }


    }
    else {
        echo '<div id="alert-error">Senha atual está incorreta!</div>';
        $passerror = true;
    }
}

// Print the form (it is echoed on every request, including after a submit)

echo '
<div class="wrapper-me">
    <div class="right-content" style="margin-left: 5px">
        <div id="box" style="min-height: 400px;  max-height: 1200px;">
            <div id="blue-title" style="background: #27ae60; border: 1px solid #27ae60">
                <h1 id="title-config">Alterar minha senha</h1>
                <i style="color:#e0e0e0;" class="ion-edit"></i>
            </div>
            <div id="content-config" style="height: auto;">
                <form action="" method="post" autocomplete="off">
                    <input type
                    <input type="password" name="password" placeholder="Senha atual" class="button-contn1"/>
                    <input type="password" name="npassword" placeholder="Nova senha" class="button-contn1"/>
                    <input type="submit" value="Continuar" class="button-contn">
                </form>
            </div>
        </div>
    </div>
</div> '
?>

Any doubts, I love you!

@Edit

Code changed to transform passwords into md5.

    
22.09.2016 / 15:14
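
An added example, not part of the question or of either answer: the same change-password flow written with prepared statements and `password_hash()` / `password_verify()` instead of concatenated SQL and MD5. It assumes the page's `users` table (`username`, `password`, with the `password` column wide enough for a hash, e.g. VARCHAR(255)), the `$db` mysqli connection and session from `core.php`, and `$_SESSION['loginuser']`; the `change_password()` helper and two of the messages are hypothetical.

```php
<?php
// Added example (not from the answers). Assumes core.php creates the mysqli
// connection $db and starts the session, as the page's settings.php implies.
require_once('assets/system/core.php');

// Hypothetical helper: returns 'ok', 'empty', 'wrong_current', 'same' or 'error'.
function change_password(mysqli $db, string $username, string $current, string $new): string
{
    if ($current === '' || $new === '') { return 'empty'; }

    // Look the user up by the session username only, never by the password value.
    $stmt = $db->prepare('SELECT password FROM users WHERE username = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();
    $stmt->close();

    // password_verify() checks the typed password against the stored salted hash.
    if (!$found || !password_verify($current, $storedHash)) {
        return 'wrong_current';
    }
    if ($current === $new) { return 'same'; }

    // Store only the hash; bound parameters keep user input out of the SQL text.
    $newHash = password_hash($new, PASSWORD_DEFAULT);
    $stmt = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
    $stmt->bind_param('ss', $newHash, $username);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok ? 'ok' : 'error';
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['loginuser'])) {
    // Treat non-string input (e.g. password[]=x) as an empty field.
    $current = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $new = is_string($_POST['npassword'] ?? null) ? $_POST['npassword'] : '';
    $messages = [
        'ok' => 'Senha alterada com sucesso!',
        'empty' => 'Ambos campos de senha devem estar preenchidos',
        'wrong_current' => 'Senha atual está incorreta!',
        'same' => 'A nova senha é igual à senha atual!',
        'error' => 'Algum problema foi encontrado e sua senha não foi alterada!',
    ];
    $result = change_password($db, $_SESSION['loginuser'], $current, $new);
    $css = $result === 'ok' ? 'alert-green' : 'alert-error';
    echo '<div id="' . $css . '">' . $messages[$result] . '</div>';
}
```

Rows that still hold a plaintext or MD5 value will not pass `password_verify()`; they have to be re-hashed (for example at the next successful login or through a reset) before this check can be used for them.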