php - Forgot password not updated plus password hash -


I am creating an application... fine so far. In the registration system I have used prepared statements and password hashing, and I have tried to validate user input in the form fields as well. In order for the system to be completed I need to create a forgot-password system, meaning the user can request a new password.

What I have done is put it on the testing site files, which means I can test if it works before adding it to the production site.

With the forgot password I have used mysqli; once it is working fine I will update it to prepared statements, because I am still learning prepared statements and doing it this way helps me understand, so don't judge.

The problem I am having is with the forgot password: the password is not updating once changed. See screenshot: http://prntscr.com/d5hage

Also, as mentioned above, I have used http://prntscr.com/d5hbg1 in register and verify in log-in. How do I use the hashing in forgot password, or how do I update it? In the code below I have used md5, which I am aware is broken. Please see the code below.

reset_password.php

    <?php
    // include connection
    require_once('include/connection.php');

    if (isset($_POST['submit'])) {
        $user_id = base64_decode($_GET['encrypt']);

        $passnew = password_hash($password, $_POST['new_password'], PASSWORD_BCRYPT, array('cost' => 12));

        $sql = "UPDATE `olami560_test`.`user` SET `password` = ? WHERE `user`.`id` = ?";
        $stmt = $con->prepare($sql);
        $stmt->bind_param('si', $passnew, $user_id);
        $stmt->execute();

        if ($stmt->errno) {
            echo "Failure!!! " . $stmt->error;
        } else {
            echo "Password changed successfully. Click on the link to login <a href='http://www.olaskee.co.uk/project/allocation/progress/index.php'>login</a> {$stmt->affected_rows} rows";
        }

        $stmt->close();
    }
    ?>
    <form method="post" action="<?php echo $_SERVER['HTTP_REFERER']; ?>">
        <label>New password</label>
        <input type="password" name="new_password"/>
        <input type="submit" name="submit" value="Reset" />
    </form>

forgot_password.php

    <?php
    // include connection
    require_once('include/connection.php');

    if (isset($_GET) && !empty($_GET['email'])) {
        $email = mysqli_real_escape_string($con, $_GET['email']);

        $query = "SELECT id FROM `user` WHERE `user_name` = '" . $email . "' OR `email` = '" . $email . "'";
        $result = mysqli_query($con, $query);
        $results = mysqli_fetch_array($result);

        if (count($results) >= 1) {
            $query2 = "SELECT email FROM `user` WHERE `user_name` = '" . $email . "' OR `email` = '" . $email . "'";
            $result2 = mysqli_query($con, $query2);
            $emailvalue = mysqli_fetch_array($result2);

            //$token = md5(uniqid(rand(), true));
            //$encrypt = md5($results['id']);
            $encrypt = base64_encode($results['id']);

            $message = "Your password reset link has been sent to your e-mail address.";
            $to = $emailvalue['email'];
            $subject = "Forget password";
            $from = 'leksmaster@gmail.com';
            $body = 'Hi, <br/> user <br/>You requested to reset your password. <br><br>http://www.olaskee.co.uk/project/allocation/tms/reset_password.php?token=' . $token . '&encrypt=' . $encrypt . '&action=reset<br/> <br/>--<br>.olaskee<br>';
            $headers = "From: " . strip_tags($from) . "\r\n";
            $headers .= "Reply-To: " . strip_tags($from) . "\r\n";
            $headers .= "MIME-Version: 1.0\r\n";
            $headers .= "Content-Type: text/html; charset=iso-8859-1\r\n";

            mail($to, $subject, $body, $headers);
            echo $message;
        } else {
            $message = "Account not found, please signup now!!";
            echo $message;
        }
    }
    ?>

I hope I have provided enough explanation to understand. I appreciate your input.

OK, looking through your code there are a few things I think you need to look at.

On the form, change this

    <form method="post" action="<?php echo $_SERVER['HTTP_REFERER']; ?>">

to

    <form method="post" action="">

This should submit the form to itself.

The hashing needs password_hash(); use the following in place of the line you started with:

    // password_hash() takes the plain-text password, the algorithm and an options array
    $passnew = password_hash($_POST['new_password'], PASSWORD_BCRYPT, array('cost' => 12));

On the form for resetting the password it is a good idea to have the user input the new password twice; that way you can check if they have repeated the password correctly.

    // strict comparison: == would treat numeric-looking strings such as "1e3" and "1000" as equal
    if ($_POST['pass1'] === $_POST['pass2']) {
        // process
    } else {
        // error
    }

In the forgot_password.php file you are calling the same SQL statement twice. Call it once, check if the row count is greater than one, and if so use the data within the result; there is no need to call the same thing again.

Hopefully that gets you going, have a good day.
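A version of the reset flow that applies the answer's points (one query, password_hash() on the new password itself, two matching password fields, a prepared UPDATE with a WHERE clause), added here as an example; it is not the poster's or the answerer's code. It also replaces the base64-encoded user id in the link, which is not a secret, with a random single-use token stored as a hash with an expiry; the `password_reset` table and the `$con` mysqli connection it uses are assumptions.

```php
<?php
// Added example, not the original poster's code. Assumes $con is the mysqli
// connection from include/connection.php (with mysqlnd for get_result()) and
// a hypothetical table password_reset(user_id INT, token_hash CHAR(64), expires_at DATETIME).

// forgot_password.php side: a single lookup, then a random token for the e-mail link.
function issueResetToken(mysqli $con, string $login): ?string {
    $stmt = $con->prepare('SELECT id, email FROM `user` WHERE `user_name` = ? OR `email` = ?');
    $stmt->bind_param('ss', $login, $login);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null) {
        return null;                       // caller shows the same generic message either way
    }
    $token = bin2hex(random_bytes(32));    // 256-bit secret; only this goes into the link
    $hash  = hash('sha256', $token);       // the database keeps the hash, never the token
    $stmt = $con->prepare('INSERT INTO password_reset (user_id, token_hash, expires_at)
                           VALUES (?, ?, DATE_ADD(NOW(), INTERVAL 1 HOUR))');
    $stmt->bind_param('is', $row['id'], $hash);
    $stmt->execute();
    return $token;                         // append as ?token=... to the reset link
}

// reset_password.php side: validate the token, require both fields to match,
// hash the new password (not the other way round) and update by the stored user id.
function resetPassword(mysqli $con, string $token, string $pass1, string $pass2): bool {
    if ($pass1 === '' || !hash_equals($pass1, $pass2)) {
        return false;                      // empty or mismatched passwords
    }
    $hash = hash('sha256', $token);
    $stmt = $con->prepare('SELECT user_id FROM password_reset
                           WHERE token_hash = ? AND expires_at > NOW()');
    $stmt->bind_param('s', $hash);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null) {
        return false;                      // unknown or expired token
    }
    $passnew = password_hash($pass1, PASSWORD_BCRYPT, ['cost' => 12]);
    $stmt = $con->prepare('UPDATE `user` SET `password` = ? WHERE `id` = ?');
    $stmt->bind_param('si', $passnew, $row['user_id']);
    $stmt->execute();
    // single use: remove the token once it has been consumed
    $stmt = $con->prepare('DELETE FROM password_reset WHERE token_hash = ?');
    $stmt->bind_param('s', $hash);
    $stmt->execute();
    return true;
}
```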
