Html 7
Posted November 20, 2019

Hey there,

So I checked out this code, is this okay to use? Obviously, the PHP code, I am looking at here.

For the db, a new column, I guess in users table, would be needed a password and as varchar 20.

```sql
`password` varchar(55) NOT NULL,
```

```php
<?php
session_start();
$_SESSION["userId"] = "1";
$conn = mysqli_connect("localhost", "root", "test", "blog_samples") or die("Connection Error: " . mysqli_error($conn));

if (count($_POST) > 0) {
    $result = mysqli_query($conn, "SELECT *from users WHERE userId='" . $_SESSION["userId"] . "'");
    $row = mysqli_fetch_array($result);
    if ($_POST["currentPassword"] == $row["password"]) {
        mysqli_query($conn, "UPDATE users set password='" . $_POST["newPassword"] . "' WHERE userId='" . $_SESSION["userId"] . "'");
        $message = "Password Changed";
    } else
        $message = "Current Password is not correct";
}
?>
<html>
<head>
<title>Change Password</title>
<link rel="stylesheet" type="text/css" href="styles.css" />
<script>
function validatePassword() {
    var currentPassword, newPassword, confirmPassword, output = true;

    currentPassword = document.frmChange.currentPassword;
    newPassword = document.frmChange.newPassword;
    confirmPassword = document.frmChange.confirmPassword;

    if (!currentPassword.value) {
        currentPassword.focus();
        document.getElementById("currentPassword").innerHTML = "required";
        output = false;
    } else if (!newPassword.value) {
        newPassword.focus();
        document.getElementById("newPassword").innerHTML = "required";
        output = false;
    } else if (!confirmPassword.value) {
        confirmPassword.focus();
        document.getElementById("confirmPassword").innerHTML = "required";
        output = false;
    }
    if (newPassword.value != confirmPassword.value) {
        newPassword.value = "";
        confirmPassword.value = "";
        newPassword.focus();
        document.getElementById("confirmPassword").innerHTML = "not same";
        output = false;
    }
    return output;
}
</script>
</head>
<body>
<form name="frmChange" method="post" action="" onSubmit="return validatePassword()">
<div style="width: 500px;">
<div class="message"><?php if(isset($message)) { echo $message; } ?></div>
<table border="0" cellpadding="10" cellspacing="0" width="500" align="center" class="tblSaveForm">
    <tr class="tableheader">
        <td colspan="2">Change Password</td>
    </tr>
    <tr>
        <td width="40%"><label>Current Password</label></td>
        <td width="60%"><input type="password" name="currentPassword" class="txtField" /><span id="currentPassword" class="required"></span></td>
    </tr>
    <tr>
        <td><label>New Password</label></td>
        <td><input type="password" name="newPassword" class="txtField" /><span id="newPassword" class="required"></span></td>
    </tr>
    <tr>
        <td><label>Confirm Password</label></td>
        <td><input type="password" name="confirmPassword" class="txtField" /><span id="confirmPassword" class="required"></span></td>
    </tr>
    <tr>
        <td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
    </tr>
</table>
</div>
</form>
</body>
</html>
```

https://phppot.com/php/php-change-password-script/
Mudsaf 17
Posted November 22, 2019

```php
mysqli_query($conn, "UPDATE users set password='" . $_POST["newPassword"] . "' WHERE userId='" . $_SESSION["userId"] . "'");
```

Honestly, I would recommend against this method, since it's vulnerable to SQL injection. At least mysqli_escape the post method and consider hashing the passwords instead of storing them as plain text. This is such a minor update that matters a lot.

Mysqli_real_escape_string: https://www.php.net/manual/en/mysqli.real-escape-string.php prevents SQL injection (not required with prepared statements, but yours isn't one).
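A version of the change-password handler along the lines suggested in the reply above, using mysqli prepared statements with `password_hash()` / `password_verify()`. This is an added example, not code from the thread or from the linked tutorial. It assumes `userId` is an integer column, that `password` is widened to `VARCHAR(255)`, and that stored values are already `password_hash()` output (rows stored any other way will not verify); `changePassword` and the `DB_*` credentials are hypothetical placeholders.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: true on success, false if the current password does not match.
function changePassword(mysqli $conn, int $userId, string $current, string $new): bool
{
    // Bound parameter: the value never becomes part of the SQL text.
    $stmt = $conn->prepare('SELECT password FROM users WHERE userId = ?');
    $stmt->bind_param('i', $userId);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();
    $stmt->close();

    // password_verify() re-hashes the input with the stored salt and compares safely.
    if (!$found || !password_verify($current, $storedHash)) {
        return false;
    }

    // Store only a salted hash, never the password itself.
    $newHash = password_hash($new, PASSWORD_DEFAULT);
    $stmt = $conn->prepare('UPDATE users SET password = ? WHERE userId = ?');
    $stmt->bind_param('si', $newHash, $userId);
    $stmt->execute();
    $ok = $stmt->affected_rows === 1;
    $stmt->close();
    return $ok;
}

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
session_start();

$message = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_SESSION['userId'])) {
    $current = $_POST['currentPassword'] ?? '';
    $new     = $_POST['newPassword'] ?? '';
    $confirm = $_POST['confirmPassword'] ?? '';
    if ($new === '' || $new !== $confirm) {
        // The JavaScript check can be bypassed, so repeat it on the server.
        $message = 'New passwords do not match';
    } else {
        // Placeholder credentials (assumption); load real ones from configuration.
        $conn = new mysqli('localhost', 'DB_USER', 'DB_PASSWORD', 'DB_NAME');
        $message = changePassword($conn, (int) $_SESSION['userId'], $current, $new)
            ? 'Password Changed'
            : 'Current Password is not correct';
    }
}
```

The form markup from the first post can follow this block unchanged, since it only echoes `$message`.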
Html 7
Posted November 22, 2019

I tried this code or another, but it didn't work. The user site I use, it uses Sha2. I tried removing it, it only breaks the system, so how to use it with this, I am not sure about that.

Change pass is something I am not that concerned about, especially if the code is rubbish as you've pointed out. Remove data was important, I got some code help elsewhere for that. Now that image id task.