0

I have created a change password portal, it keep echo "Old Password Not Match!",but i sure my old password is same with the DB's password, is there any wrong in my controller or model? Hope somebody can help,Thanks!

Below is my controller:

public function chgpass()
{
    $this->load->helper('security');
    $this->form_validation->set_rules('cpassword','Current Password','required|max_length[150]|min_length[6]');
    $this->form_validation->set_rules('npassword','New Password','required|max_length[150]|min_length[6]');
    $this->form_validation->set_rules('copassword','Confirm Password','required|max_length[150]|min_length[6]|matches[npassword]');

    if($this->form_validation->run() == false){
        $this->load->view('chgpass');
    }else{
        //update data
        $data = array(
            'password' => md5($this->input->post('npassword'))
        );
        //check old password
        $result = $this->Form_model->Check_Old_Password($this->session->userdata('USER_ID'),md5($this->input->post('cpassword')));
        if($result > 0 AND $result === true){
            //update user data
            $result = $this->Form_model->Update_User_Data($this->session->userdata('USER_ID'),$data);
            if($result > 0){
                echo "Password Changed!";
                //$this->session->set_flashdata('success','Password Changed!');
                //redirect(base_url() . 'main/login');
            }else{
                echo "Password Not Changed!";
                //$this->session->set_flashdata('error','Password Not Changed!');
                //redirect(base_url() . 'main/chgpass');
            }
        }else{
            echo "Old Password Not Match!";
            //$this->session->set_flashdata('error','Password Not Changed!');
            //redirect(base_url() . 'main/chgpass');
        }
    }
}

Below is my model:

public function Update_User_Data($user_id,$data){
    $this->db->set($data);
    $this->db->where('id',$user_id);
    $this->db->update('users');
    if($this->db->affected_rows() > 0)
        return true;
    else
        return false;

}
public function Check_Old_Password($user_id,$cpassword){
    $this->db->where('id',$user_id);
    $this->db->where('password',$cpassword);
    $query = $this->db->get('users');
    if($query->num_rows() > 0)
        return true;
    else
        return false;

}
executable
  • 3,365
  • 6
  • 24
  • 52
jovan2226
  • 17
  • 5
  • 1
    First check old password function return value. If this function return true than may be issue in $result > 0 AND $result === true conditions – Korat Prakash Oct 04 '18 at 11:03
  • Did you load Form_model in your controller – Vijay Oct 04 '18 at 13:11
  • does the result of `md5($this->input->post('cpassword'))` via echo match a record in the db? – Alex Oct 04 '18 at 13:28
  • Instead of md5 hashing try to use password_hash() which will generate random hash and more secured than md5. Here is an example https://stackoverflow.com/a/30279440/9988189 – Bergin Oct 05 '18 at 07:46

1 Answers1

0

I got the solution,just change the USER_ID and $user_id into username and $username

model:

public function Update_User_Data($username,$data){
    $this->db->set($data);
    $this->db->where('username',$username);
    $this->db->update('users');
    if($this->db->affected_rows() > 0)
        return true;
    else
        return false;

}
public function Check_Old_Password($username,$cpassword){
    $this->db->where('username',$username);
    $this->db->where('password',$cpassword);
    $query = $this->db->get('users');
    if($query->num_rows() > 0)
        return true;
    else
        return false;

}

controller:

$result = $this->Form_model->Check_Old_Password($this->session->userdata('username'),md5($this->input->post('cpassword')));
                if($result > 0 AND $result === true){
                    //update user data
                    $result = $this->Form_model->Update_User_Data($this->session->userdata('username'),$data);
jovan2226
  • 17
  • 5