Enrico Enrico - 1 month ago 6
PHP Question

PHP update password form not working

I'm trying to make a form for users to change their password.



<div class="panel panel-primary">
    <div class="panel-heading">
        <h3 class="panel-title"><?php echo $errormessage;?></h3>
    </div>
    <div class="panel-body">
        <form method="post" name="passwordchange" id="passwordchange">
            <div class="row">
                <div class="col-md-6">
                    <div class="row">
                        <div class="col-md-3"><label>Password</label></div>
                        <div class="col-md-5"><input class="form-control" name="pass1" id="pass1" type="text" required value=""></div>
                    </div>
                </div>
                <div class="col-md-6">
                    <div class="row">
                        <div class="col-md-3"><label>Confirm Password</label></div>
                        <div class="col-md-5"><input class="form-control" name="pass2" id="pass2" type="text" required value=""></div>
                    </div>
                </div>
                <input type="submit" class="btn btn-primary pull-right" name="submit" value="submit">
            </div>
        </form>
    </div>
</div>




<?php
$ok=true;
if(isset($_POST['submit']))
{
    $new_password = $_POST['pass1'];
    $new_password2 = $_POST['pass2'];

    $userid=$_SESSION['user']['id'];

    if($new_password!=$new_password2){
        $ok=false;
        $errormessage="Passwords do not match.";
    }

    if($ok){

        $errormessage="ok";
        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
        $password = hash('sha256', $new_password . $salt);
        for($round = 0; $round < 65536; $round++)
        {
            $password = hash('sha256', $password . $salt);
        }

        $query = "
            update users
            set
            password = :password,
            hash = :hash
            WHERE id = '$userid'";

        // The parameter values
        $query_params = array(
            ':password' => $password,
            ':salt' => $salt
        );

        try
        {
            // Execute the query against the database
            $stmt = $db->prepare($query);
            $result = $stmt->execute($query_params);
        }
        catch(PDOException $ex)
        {
            //die("Failed to run query: " . $ex->getMessage());
            die("update error");
        }
        header("Location: account.php?success");

    }

}

?>


When I submit the form the page reloads and nothing happens. When I enter two different passwords I get the error message 'Passwords do not match.'

I also get weird behavior when the form reloads: the navigation on my site stops working after the form reload.

I tried playing with the input type name, form name, using isset _request instead of isset _POST. But nothing seems to help.

What did I do wrong?

Edit: I mixed up SALT and HASH. Whoops.

Answer

In the query you have hash and password; in the prepare, SALT and password. There is no salt in your query.
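
The placeholder mismatch this answer points out, reproduced against an in-memory SQLite table next to a corrected update (an added example, not code from the question or the answer). It assumes the pdo_sqlite extension; the table, the sample row and the function names `updateWithMismatch` and `changePassword` are made up for the demo, and it swaps the hand-rolled SHA-256 loop and `mt_rand()` salt for PHP's `password_hash()`, which generates and stores its own salt.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7+ with pdo_sqlite.
// The in-memory table and the sample row are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT, hash TEXT)');
$db->exec("INSERT INTO users (id, password) VALUES (1, 'placeholder')");

// 1) The mismatch from the question: the SQL names :hash, the array supplies :salt.
function updateWithMismatch(PDO $db): string
{
    $stmt = $db->prepare('UPDATE users SET password = :password, hash = :hash WHERE id = 1');
    try {
        $stmt->execute([':password' => 'x', ':salt' => 'y']);
        return 'no error';
    } catch (PDOException $ex) {
        // Log the detail server-side; show the user only a generic message.
        return $ex->getMessage();
    }
}

// 2) Corrected update: every placeholder has a matching key, the user id is
//    bound instead of interpolated, and password_hash() salts and stretches.
function changePassword(PDO $db, int $userId, string $pass1, string $pass2): bool
{
    // Strict comparison: with != PHP compares numeric strings as numbers,
    // so "0e123" and "0e456" would count as matching passwords.
    if ($pass1 !== $pass2) {
        return false;
    }
    $stmt = $db->prepare('UPDATE users SET password = :password WHERE id = :id');
    $stmt->execute([
        ':password' => password_hash($pass1, PASSWORD_DEFAULT),
        ':id'       => $userId,
    ]);
    return $stmt->rowCount() === 1;
}

echo updateWithMismatch($db), PHP_EOL;                    // driver error for the undefined parameter
var_dump(changePassword($db, 1, '0e123', '0e456'));       // different strings are rejected
var_dump(changePassword($db, 1, 'correct horse', 'correct horse'));

// At login, verify against the stored value; no separate salt column is needed.
$stored = $db->query('SELECT password FROM users WHERE id = 1')->fetchColumn();
var_dump(password_verify('correct horse', $stored));
```

In a real page this logic has to run before any HTML is output, since `header()` cannot send a redirect once output has started, and the script should `exit` right after the redirect.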
