MD5 and Salt Help
Can anyone tell me what's wrong with my code?
PHP Code:
<?php
$user_id = $_GET['user_id'];
// start the session
session_name('pickles');
session_set_cookie_params(900);
session_start();
// verify session
if (empty($_SESSION) || $_SESSION['news'] != true)
{
    // redirect them
    header("Location: login page");
    exit;
}
// require the connection and salt settings
require_once("path_to_connection_and_update_code);
require_once("path_to_salt_code");
// connect to the database
$conn = path_to_connection_and_update_code_function;
// write the query
$query1 = "SELECT `user_id`, `username`, `pwd`, `user_email` FROM `users` WHERE `user_id` = ? LIMIT 1";
// prepare the statement
if ($stmt1 = $conn->prepare($query1))
{
    // bind the parameters
    $stmt1->bind_param('i', $user_id);
    // execute
    if ($stmt1->execute())
    {
        $stmt1->bind_result($id, $username, $pwd, $email);
        $stmt1->fetch();
        $stmt1->close();
    }
}
// process the form
if (array_key_exists('submit', $_POST) && !empty($_POST['submit']))
{
    // create an array for missing fields
    $missing = array();
    // check to see if there are any missing fields
    foreach ($_POST as $key => $value)
    {
        if (empty($key))
        {
            $missing[] = $key;
            exit;
        }
    }
    $email1 = $_POST['email'];
    $pwd1 = md5($salt . md5($_POST['pwd1'] . $salt));
    $pwd2 = md5($salt . md5($_POST['pwd2'] . $salt));
    // check to see that the passwords are identical
    if ($pwd1 !== $pwd2)
    {
        $notIdentical = false;
        exit;
    }
    // if all input is clear, let's go
    if (empty($missing) && $pwd1 === $pwd2)
    {
        // missing is no longer needed
        unset($missing);
        $query2 = "UPDATE `users` SET `pwd` = ? WHERE `user_id` = ?";
        if ($stmt2 = $conn->prepare($query2))
        {
            $stmt2->bind_param('si', $newPwd, $id2);
            $newPwd = $pwd1;
            $id2 = $user_id;
            $stmt2->execute();
            $stmt2->close();
            header("Location: different page");
        }
    }
}
?>
What I'm trying to do is update a user's password with an encrypted password (as evidenced by the salt and MD5 function use). However, the password never seems to update. Every time I log into phpMyAdmin and check, the password is the same as it always was. No encryption, and no edits to the original word.
might want to change `user_id` = ? to user_id = '.$user_id.'
also for testing I would do this:
PHP Code:
if ($pwd1 !== $pwd2)
{
    $notIdentical = false;
    // dump both hashes, the salt and both raw inputs for comparison
    echo $pwd1;
    echo $pwd2;
    echo $salt;
    echo $_POST['pwd1'];
    echo $_POST['pwd2'];
    exit;
}
also I don't know how you are using $notIdentical but shouldn't it be true?
I'm using PHP's MySQL Improved extension. That's why it looks like it does; that's how MySQL Improved works.
And you could be right about $notIdentical...
Is $stmt2->execute(); returning correctly?
Also, check if $id is being populated correctly?
Last edited by MrCoder; 10-24-2008 at 06:05 AM .
Originally Posted by
temp.user123
You know... You're not so smart. Do you need me to educate you?
If you say, "please," (and do so, nicely) then I will show you where you're dead wrong.
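The check suggested above (whether `$stmt2->execute()` actually succeeds), written out as an added example that is not code from the thread. The function name `update_password` is hypothetical, `$conn` is assumed to be an open mysqli connection, the `pwd` column is assumed to be wide enough for the hash, and `password_hash()` is swapped in for the nested `md5()` calls.

```php
<?php
// Added example, not code from the thread. update_password() is a hypothetical
// helper; $conn is assumed to be an open mysqli connection and `pwd` is assumed
// to be wide enough for the hash, e.g. VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures throw

function update_password(mysqli $conn, int $userId, string $pwd1, string $pwd2): array
{
    // Compare the submitted values themselves, before any hashing.
    if ($pwd1 === '' || $pwd2 === '') {
        return ['Both password fields are required.'];
    }
    if ($pwd1 !== $pwd2) {
        return ['Passwords do not match.'];
    }

    // Swapped in for md5($salt . md5($pwd . $salt)): password_hash() creates a
    // random salt per call and embeds it, with the cost, in the returned string.
    $hash = password_hash($pwd1, PASSWORD_DEFAULT);

    try {
        $stmt = $conn->prepare('UPDATE `users` SET `pwd` = ? WHERE `user_id` = ?');
        $stmt->bind_param('si', $hash, $userId);
        $stmt->execute();
        $rows = $stmt->affected_rows;
        $stmt->close();
    } catch (mysqli_sql_exception $e) {
        // Surfaces what a silent execute() failure would otherwise hide;
        // the caller should log this text rather than display it.
        return ['Database error: ' . $e->getMessage()];
    }

    // The hash differs on every call, so 0 affected rows means that no row
    // matched this user_id, not that the value was unchanged.
    if ($rows !== 1) {
        return ["No row updated for user_id $userId (affected rows: $rows)."];
    }
    return []; // empty array: exactly one row was updated
}

// Usage inside the form handler, with the id the page already loaded:
// $errors = update_password($conn, $id, $_POST['pwd1'], $_POST['pwd2']);
```

At login, a submitted password is checked against the stored value with `password_verify($submitted, $storedHash)`.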
You're missing a double quote in this line
PHP Code:
require_once( "path_to_connection_and_update_code);
Should be this
PHP Code:
require_once( "path_to_connection_and_update_code" );
Your code will look more colorful instead of all red
PHP Code:
<?php
$user_id = $_GET['user_id'];
// start the session
session_name('pickles');
session_set_cookie_params(900);
session_start();
// verify session
if (empty($_SESSION) || $_SESSION['news'] != true)
{
    // redirect them
    header("Location: login page");
    exit;
}
// require the connection and salt settings
require_once("path_to_connection_and_update_code");
require_once("path_to_salt_code");
// connect to the database
$conn = path_to_connection_and_update_code_function;
// write the query
$query1 = "SELECT `user_id`, `username`, `pwd`, `user_email` FROM `users` WHERE `user_id` = ? LIMIT 1";
// prepare the statement
if ($stmt1 = $conn->prepare($query1))
{
    // bind the parameters
    $stmt1->bind_param('i', $user_id);
    // execute
    if ($stmt1->execute())
    {
        $stmt1->bind_result($id, $username, $pwd, $email);
        $stmt1->fetch();
        $stmt1->close();
    }
}
// process the form
if (array_key_exists('submit', $_POST) && !empty($_POST['submit']))
{
    // create an array for missing fields
    $missing = array();
    // check to see if there are any missing fields
    foreach ($_POST as $key => $value)
    {
        if (empty($key))
        {
            $missing[] = $key;
            exit;
        }
    }
    $email1 = $_POST['email'];
    $pwd1 = md5($salt . md5($_POST['pwd1'] . $salt));
    $pwd2 = md5($salt . md5($_POST['pwd2'] . $salt));
    // check to see that the passwords are identical
    if ($pwd1 !== $pwd2)
    {
        $notIdentical = false;
        exit;
    }
    // if all input is clear, let's go
    if (empty($missing) && $pwd1 === $pwd2)
    {
        // missing is no longer needed
        unset($missing);
        $query2 = "UPDATE `users` SET `pwd` = ? WHERE `user_id` = ?";
        if ($stmt2 = $conn->prepare($query2))
        {
            $stmt2->bind_param('si', $newPwd, $id2);
            $newPwd = $pwd1;
            $id2 = $user_id;
            $stmt2->execute();
            $stmt2->close();
            header("Location: different page");
        }
    }
}
?>
Code:
require_once("path_to_connection_and_update_code");
Somehow I highly doubt that has anything to do with the issue at hand since the text within the require is not even a real file name.
Yeah, that was just a typo when I made the post.
Okay, so I used isset() on both $id and $id2, and they're both correct.
that sure is a nice sig you have there
Too many threads have begun exactly like this one; I decided to take matters into my own hands.