Html Posted November 20, 2019

Hey there, so I checked out this code, is this okay to use? Obviously, it's the PHP code I am looking at here. For the db, a new column, I guess in the users table, would be needed: a password, as varchar 20.

`password` varchar(55) NOT NULL,

```php
<?php
session_start();
$_SESSION["userId"] = "1";
$conn = mysqli_connect("localhost", "root", "test", "blog_samples") or die("Connection Error: " . mysqli_connect_error());
if (count($_POST) > 0) {
    $result = mysqli_query($conn, "SELECT * FROM users WHERE userId='" . $_SESSION["userId"] . "'");
    $row = mysqli_fetch_array($result);
    if ($_POST["currentPassword"] == $row["password"]) {
        mysqli_query($conn, "UPDATE users set password='" . $_POST["newPassword"] . "' WHERE userId='" . $_SESSION["userId"] . "'");
        $message = "Password Changed";
    } else
        $message = "Current Password is not correct";
}
?>
<html>
<head>
<title>Change Password</title>
<link rel="stylesheet" type="text/css" href="styles.css" />
<script>
function validatePassword() {
    var currentPassword, newPassword, confirmPassword, output = true;
    currentPassword = document.frmChange.currentPassword;
    newPassword = document.frmChange.newPassword;
    confirmPassword = document.frmChange.confirmPassword;
    if (!currentPassword.value) {
        currentPassword.focus();
        document.getElementById("currentPassword").innerHTML = "required";
        output = false;
    } else if (!newPassword.value) {
        newPassword.focus();
        document.getElementById("newPassword").innerHTML = "required";
        output = false;
    } else if (!confirmPassword.value) {
        confirmPassword.focus();
        document.getElementById("confirmPassword").innerHTML = "required";
        output = false;
    }
    if (newPassword.value != confirmPassword.value) {
        newPassword.value = "";
        confirmPassword.value = "";
        newPassword.focus();
        document.getElementById("confirmPassword").innerHTML = "not same";
        output = false;
    }
    return output;
}
</script>
</head>
<body>
<form name="frmChange" method="post" action="" onSubmit="return validatePassword()">
<div style="width: 500px;">
<div class="message"><?php if (isset($message)) { echo $message; } ?></div>
<table border="0" cellpadding="10" cellspacing="0" width="500" align="center" class="tblSaveForm">
<tr class="tableheader">
<td colspan="2">Change Password</td>
</tr>
<tr>
<td width="40%"><label>Current Password</label></td>
<td width="60%"><input type="password" name="currentPassword" class="txtField" /><span id="currentPassword" class="required"></span></td>
</tr>
<tr>
<td><label>New Password</label></td>
<td><input type="password" name="newPassword" class="txtField" /><span id="newPassword" class="required"></span></td>
</tr>
<tr>
<td><label>Confirm Password</label></td>
<td><input type="password" name="confirmPassword" class="txtField" /><span id="confirmPassword" class="required"></span></td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
</tr>
</table>
</div>
</form>
</body>
</html>
```

https://phppot.com/php/php-change-password-script/
Mudsaf Posted November 22, 2019

```php
mysqli_query($conn, "UPDATE users set password='" . $_POST["newPassword"] . "' WHERE userId='" . $_SESSION["userId"] . "'");
```

Honestly, I would recommend against this method, since it's vulnerable to SQL injection. At least mysqli_escape the POST value and consider hashing the passwords instead of storing them as plain text. This is such a minor update that matters a lot.

mysqli_real_escape_string: https://www.php.net/manual/en/mysqli.real-escape-string.php prevents SQL injection (not required with prepared statements, but yours isn't one).
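As an added example (not the phppot script and not either poster's code), the same change-password step written the way the reply above suggests: bound parameters instead of string-built SQL, and password_hash()/password_verify() instead of plain-text comparison. It assumes a `users` table with an integer `userId` and a `password` column widened to VARCHAR(255) so a full password_hash() string fits, and a `$_SESSION["userId"]` set by a real login rather than hard-coded to "1".

```php
<?php
// Added example, not the phppot script or the poster's code: change-password
// with prepared statements and password_hash(). Assumes users(userId INT,
// password VARCHAR(255)) and a session userId set by a real login.
session_start();

function change_password(mysqli $conn, int $userId, string $current, string $new, string $confirm): string
{
    // Re-check the confirmation on the server: the JavaScript check can be skipped.
    if ($new !== $confirm) {
        return "New password and confirmation do not match";
    }

    // Bound parameter: the session value never becomes part of the SQL text.
    $stmt = $conn->prepare("SELECT password FROM users WHERE userId = ?");
    $stmt->bind_param("i", $userId);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();   // get_result() needs the mysqlnd driver
    $stmt->close();

    // password_verify() checks the submitted password against the stored hash;
    // the plain-text password is never compared with == and never stored.
    if ($row === null || !password_verify($current, $row["password"])) {
        return "Current Password is not correct";
    }

    // Salted hash using PHP's current default algorithm (bcrypt at present).
    $hash = password_hash($new, PASSWORD_DEFAULT);
    $stmt = $conn->prepare("UPDATE users SET password = ? WHERE userId = ?");
    $stmt->bind_param("si", $hash, $userId);
    $stmt->execute();
    $updated = $stmt->affected_rows === 1;
    $stmt->close();
    return $updated ? "Password Changed" : "Password update failed";
}

$message = null;
if (!empty($_POST) && isset($_SESSION["userId"])) {
    $conn = new mysqli("localhost", "root", "test", "blog_samples");
    if ($conn->connect_error) {
        die("Connection Error: " . $conn->connect_error);
    }
    $message = change_password($conn, (int) $_SESSION["userId"],
        $_POST["currentPassword"] ?? "", $_POST["newPassword"] ?? "", $_POST["confirmPassword"] ?? "");
}
```

Rows that still hold an older unsalted digest (for example a bare SHA-2 hex string) will not pass password_verify(), so a site migrating to this needs to rehash each user's password at their next successful login before the old comparison is removed.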
Html (Author) Posted November 22, 2019

I tried this code or another, but it didn't work. The user site I use uses SHA2. I tried removing it, but it only breaks the system, so how to use it with this, I am not sure about that. Change pass is something I am not that concerned about, especially if the code is rubbish as you've pointed out. Remove data was important; I got some code help elsewhere for that. Now that image id task.