I am trying to update a users password when they enter their old through a HTML form. It won't work. I was wondering if there is a reason why my code isn't working. I was wondering if there is anything I can do to make sure the user can update their password.
<?php
session_start();
if(isset($_SESSION["user"])){
$email = $_SESSION["user"];
include_once 'config.php';
$result = "SELECT id, username, email, password FROM user
WHERE email='$email'";
$result1=$conn->query($result);
while($row = $result1->fetch_assoc()){
$id = $row['id'];
$email=$row['email'];
$pass=$row['password'];
$username=$row['username'];
}
if (password_verify($_POST['oldpw'], $pass)) {
$newpw=$conn->real_escape_string($_POST['newpw']);
$sql="UPDATE user SET password='$newpw' WHERE
username=$username and password=$pass";
$result=$conn->query($sql);
if($result>0)
{
$mysql="UPDATE user SET
password='$newpw' WHERE id='$id'";
$result2=mysql_query($mysql);
echo "Updated Successfully";
}
$updatepass="UPDATE user SET
password='".password_hash($_POST['newpw'],
PASSWORD_DEFAULT)."' WHERE id='$id'";
$resultupdate=$conn->query($updatepass);
$message="Your password has successfully been
updated";
echo"Success";
echo 'Password is valid!';
} else {
echo 'Invalid password.';
}
} else{
header("location: login.php");
}
?>
Aucun commentaire:
Enregistrer un commentaire