0

I'm having a forgetful time today, and haven't got fully back into coding in a couple years, so need some help! I'm trying to create a change password form that verifies the login by session data (which I've done), and let the user change password by entering the new password in twice (one for confirmation) and then updating the MySQL table.

The problem I'm having is my change password function is in another file, and I've forgotten how to link it with a form on a different page; and if I should use post or get?

The code I've got is:

<form method="post" action="reset_password">
Password: <input type="password" name="password1" id="password1"/><br>
Confirm Password: <input type="password" name="password2" id="password2"/><br>
            <input type="button" value="Change">
            <input type="submit" value="Change Password">
</form>

So far for the changing of passwords bit; I need to add some way of calling a function from my functions.php and confirming the passwords written are the same.

and in my functions.php I wrote

function reset_password($mysqli) {
    if (isset($_SESSION['user_id'],
              $_SESSION['username'],
              $_SESSION['login_string'],
              $_POST['password1'])) {

        $user_id = $_SESSION['user_id'];
        $login_string = $_SESSION['login_string'];
        $username = $_SESSION['username'];
        $user_browser = $_SERVER['HTTP_USER_AGENT'];
        // New password as submitted by the form.
        $password1 = $_POST['password1'];

        if ($stmt = $mysqli->prepare("SELECT password, salt 
                                      FROM login_secure 
                                      WHERE id = ? LIMIT 1")) {
            // Bind "$user_id" to parameter. 
            $stmt->bind_param('i', $user_id);
            $stmt->execute();   // Execute the prepared query.
            $stmt->store_result();

            if ($stmt->num_rows == 1) {
                // If the user exists get variables from result.
                $stmt->bind_result($password, $salt);
                $stmt->fetch();
                $login_check = hash('sha512', $password . $user_browser);

                // Compare the session's login string with the recomputed one.
                if (hash_equals($login_check, $login_string)) {
                    $new_password = hash('sha512', $password1 . $salt);
                    // Bind the values instead of concatenating them into the SQL.
                    $update_stmt = $mysqli->prepare("UPDATE login_secure SET password = ? WHERE id = ?");
                    $update_stmt->bind_param('si', $new_password, $user_id);
                    $update_stmt->execute();
                }
            }
        }
    }
}

I haven't been able to test it out yet as I've not thought how to link them together. Does anyone have any clue? My mind is suffering from old age, and has gone blank.

1 Answer

-1
<form method="POST" action="functions.php">
Password: <input type="password" name="password1" id="password1" /><br>
Confirm Password: <input type="password" name="password2" id="password2" /><br>
        <input type="submit" value="Change Password" />
</form>

Here is the code for functions.php

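<?php
session_start();
include('../database_connection.php');

// Only a logged-in user who submitted both fields may change the password.
if (!isset($_SESSION['user_id'], $_POST['password1'], $_POST['password2'])) {
    exit('Not logged in or form incomplete.');
}
$user_id = $_SESSION['user_id'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];

// The two entries must match before anything is written.
if ($password1 !== $password2) {
    exit('Passwords do not match.');
}

// Fetch the user's salt with a bound parameter.
$stmt = mysqli_prepare($connection, "SELECT salt FROM login_secure WHERE id = ?");
mysqli_stmt_bind_param($stmt, 'i', $user_id);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $salt);

if (mysqli_stmt_fetch($stmt)) {
    mysqli_stmt_close($stmt);
    // Same scheme as reset_password() in the question: sha512 of password . salt.
    $hash = hash('sha512', $password1 . $salt);
    $update = mysqli_prepare($connection, "UPDATE login_secure SET password = ? WHERE id = ?");
    mysqli_stmt_bind_param($update, 'si', $hash, $user_id);
    mysqli_stmt_execute($update);
}
?>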
Riq
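As an added example (not code from the question or from the answer above), here is a hardened form of the change-password handler this thread discusses: the account comes from the session, the two fields must match, the hash is produced by `password_hash()`, and the UPDATE uses placeholders. Assumptions: PDO with an in-memory SQLite database stands in for the MySQL connection so the block runs on its own, `change_password()` and the `csrf_token` field are hypothetical names, and the demo row and inputs are constructed.

```php
<?php
// Added example, not the posters' code. Assumptions: PDO with in-memory SQLite
// stands in for the MySQL connection; change_password() is a hypothetical
// name; csrf_token is an assumed hidden form field mirrored in the session.
function change_password(PDO $db, array $session, array $post): string
{
    // The account to change comes from the server-side session, never the form.
    if (!isset($session['user_id'], $session['csrf_token'])) {
        return 'not logged in';
    }
    // Reject cross-site submissions: the form must echo the session's token.
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !hash_equals($session['csrf_token'], $token)) {
        return 'bad token';
    }
    $p1 = $post['password1'] ?? '';
    $p2 = $post['password2'] ?? '';
    if (!is_string($p1) || !is_string($p2) || $p1 === '' || $p1 !== $p2) {
        return 'passwords do not match';
    }
    // password_hash() uses a slow algorithm and embeds its own random salt,
    // so login must check with password_verify() instead of sha512 + salt.
    $hash = password_hash($p1, PASSWORD_DEFAULT);
    // Placeholders keep the values out of the SQL text.
    $stmt = $db->prepare('UPDATE login_secure SET password = ? WHERE id = ?');
    $stmt->execute([$hash, (int) $session['user_id']]);
    return $stmt->rowCount() === 1 ? 'changed' : 'no such user';
}

// Constructed demo data: one user row, one session, three form submissions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login_secure (id INTEGER PRIMARY KEY, password TEXT)');
$db->exec("INSERT INTO login_secure (id, password) VALUES (1, 'old')");
$session = ['user_id' => 1, 'csrf_token' => bin2hex(random_bytes(16))];

$mismatch = ['csrf_token' => $session['csrf_token'],
             'password1' => 'correct horse', 'password2' => 'correct hors'];
$good = ['password2' => 'correct horse'] + $mismatch;

echo change_password($db, $session, $mismatch), "\n";
echo change_password($db, $session, ['password1' => 'x', 'password2' => 'x']), "\n";
echo change_password($db, $session, $good), "\n";
$stored = $db->query('SELECT password FROM login_secure WHERE id = 1')->fetchColumn();
var_dump(password_verify('correct horse', $stored));
```

Because the stored value changes format, a login routine that recomputes sha512 over the password and salt, or derives a session string from the stored hash, has to move to `password_verify()` at the same time.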