javascript - Entering Hash to reset password and not Actual User Password -



javascript - Entering Hash to reset password and not Actual User Password -

i have update password page won't allow me come in actual current password current password field. instead, wants hashed password. 1 time changed however, new 1 hashed, thing. need able come in actual password , not hashed.

yes know, no md5; more testing all.

changepassword.js

<script> function validatepassword() { var currentpassword,newpassword,confirmpassword,output = true; currentpassword = document.frmchange.currentpassword; newpassword = document.frmchange.newpassword; confirmpassword = document.frmchange.confirmpassword; if(!currentpassword.value) { currentpassword.focus(); document.getelementbyid("currentpassword").innerhtml = "required"; output = false; } else if(!newpassword.value) { newpassword.focus(); document.getelementbyid("newpassword").innerhtml = "required"; output = false; } else if(!confirmpassword.value) { confirmpassword.focus(); document.getelementbyid("confirmpassword").innerhtml = "required"; output = false; } if(newpassword.value != confirmpassword.value) { newpassword.value=""; confirmpassword.value=""; newpassword.focus(); document.getelementbyid("confirmpassword").innerhtml = "not same"; output = false; } homecoming output; } </script>

updatepassword.php

<?php include 'core/login.php'; === contains connection, it's === include 'includes/head.php'; === changepassword.js linked in head === if(count($_post)>0) { $result = mysqli_query($link, "select *from users id='" . $_session["id"] . "'"); $row = mysqli_fetch_array($result); if($_post["currentpassword"] == $row["password"]) { mysqli_query($link, "update users set `password`='" .md5(md5($_post['newpassword'])) . "' id='" . $_session["id"] . "'"); $message = "password changed"; } else $errormessage = "current password not correct"; } print_r($_session); ?>

form on same page:

<div class="container"> <div class="text-center"> <h4>change password below</h4> </div><br /> <div class="message"><?php if(isset($message)) { echo $message; } ?></div> <div class="message"><?php if(isset($errormessage)) { echo $errormessage; } ?></div> <div class="col-md-4 col-md-offset-4"> <form name="frmchange" method="post" action="" onsubmit="return validatepassword()"> <div class="form-group"> <label>current password*</label> <input type="text" name="currentpassword" class="form-control input-md" /> </div> <div class="form-group"> <label>new password*</label> <input type="text" name="newpassword" class="form-control input-md" /> </div> <div class="form-group"> <label>confirm password*</label> <input type="text" name="confirmpassword" class="form-control input-md" /> </div> <br /> <div class="text-center"> <input type="submit" name="submit" class="btn btn-success" value="submit" /> </div> </form> </div> </div>

i went overboard. other question closed. juuuuust gonna leave here... i'm using php version php 5.2.0.

http://php.net/manual/en/faq.passwords.php http://php.net/manual/en/function.password-hash.php http://php.net/manual/en/function.password-verify.php <?php // don't have test form submission, too... $_post['current_password'] = 'tacotaco'; $_post['new_password'] = 'ninrocksomg'; $_post['confirmpassword'] = 'ninrocksomg'; $_session['id'] = 1; // tacotaco encrypted... update db test // update users set password = '$2y$10$fc48jba0dq5dbb8mmxjvqumph1brb/4zbzkifovic9/tqon7ui59e' id=1 // next sooooo ugly... don't leave way if (!isset($_session['id']) or empty($_session['id']) or !isset($_post['current_password']) or empty($_post['current_password']) or !isset($_post['new_password']) or empty($_post['new_password']) or !isset($_post['confirmpassword']) or empty($_post['confirmpassword']) ) { $message = 'please come in password'; } else { $sid = $_session['id']; $currpass = $_post['current_password']; $newpass = $_post['new_password']; $conpass = $_post['confirmpassword']; $message = validate_password($sid, $currpass, $newpass, $conpass); } print "<br/>$message<br/>"; function validate_password($sid, $currpass, $newpass, $conpass) { $mysqli = mysqli_connect('localhost','root','','test') or die('error ' . mysqli_error($link)); $stmt = $mysqli->prepare('select id, password users id = ?'); $stmt->bind_param("s", $sid); $stmt->execute(); $stmt->bind_result($userid, $userpass); $message = ''; if ($stmt->fetch()) { $stmt->close(); if (strlen($newpass) < 8) { $message = 'please come in password @ to the lowest degree 8 characters'; } elseif (!preg_match('`[a-z]`', $newpass)) { $message = 'please come in @ to the lowest degree 1 capital letter'; } elseif ($newpass !== $conpass) { $message = 'your passwords not match.'; } else { if (password_verify($currpass, $userpass)) { $hashed_new = password_hash($newpass, password_bcrypt); $query = 'update users set password = ? id = ?'; $stmt_new = $mysqli->prepare($query); $stmt_new->bind_param('ss', $hashed_new, $sid); if ($stmt_new->execute()) { $message = 'password changed'; } else { $message = $mysqli->error; } } else $message = 'current password not correct'; } } else { $message = 'user not found id $sid'; } $mysqli->close(); homecoming $message; } ?>

javascript php hash mysqli

Comments

Post a Comment

Popular posts from this blog

Delphi change the assembly code of a running process -

Delphi change the assembly code of a running process - i'm trying alter address 00741fa5 has push test.009e721c . alter push test.009e71c8 . procedure callback; asm force $9e71c8 end; procedure tform2.btn1click(sender: tobject); var ppid :dword; pprocess : cardinal; begin getwindowthreadprocessid(findwindow(nil,pchar('test')), @ppid); pprocess := openprocess(process_all_access, false, ppid); injectasm(pprocess, $741fa5, 10, integer(@callback), 0); end; here injectasm function (with error checking) function injectasm(process: longword; injectaddress, injectsize, codeaddress, codesize : integer): pointer; var csize, rsize : integer; replaced : array of byte; jmp : array [0..4] of byte; jmpaddress : integer; nopv : byte; : integer; nbr: ulong_ptr; begin //injectsize must equal or greater 5, because need space our //(far) jmp wwxxyyzz instruction //if there's no space, inject in place of few instructions if injectsize ...
Read more

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) -

json - Hibernate and Jackson (java.lang.IllegalStateException: Cannot call sendError() after the response has been committed) - hello have problem hibernate , jackson. have 2 pojos @entity @table(name = "users") public class user implements serializable { static final long serialversionuid = 4235637833262722256l; @id @generatedvalue private int id; @column(name = "creation_date") private date creationdate; @column(name = "first_name") private string firstname; @column(name = "last_name") private string lastname; @version @column(name = "version") private int version; @column(name = "e_mail") private string email; @column(name = "enabled") private boolean enabled; @column(name = "login") private string login; @column(name = "password") private string password; @jsonmanagedreference("role") @onetomany(mappedby = "user", cascade = cascadetype.all,fetch = fetchtyp...
Read more

C++ 11 "class" keyword -

C++ 11 "class" keyword - i've started using c++ 11 little bit more , have few questions on special uses of class keyword. know it's used declare class, there's 2 instances have seen don't understand: method<class t>(); and class class_name *var; why precede typename keyword class in first example, , keyword pointer in sec example? that known elaborated type specifier , necessary when class name "shadowed" or "hidden" , need explicit. class t { }; // love of god don't t t; t t2; if compiler smart, give these warnings: main.cpp:15:5: error: must utilize 'class' tag refer type 't' in scope t t2; ^ class main.cpp:14:7: note: class 't' hidden non-type declaration of 't' here t t; ^ if class not defined, deed forwards declaration. for example: template <typename t> void method() { using type = typename t::value_type; } method...
Read more