Я внедрил 'md5' для обеспечения базовой безопасности паролей при их сохранении в базе данных.
Когда я проверяю код и ввожу правильный пароль, который хранится в базе данных, и два новых совпадающих пароля, программа выводит, что «старые пароли не совпадают».
Я прочитал код, чтобы увидеть, есть ли какие-либо синтаксические ошибки, однако я не могу их обнаружить, поэтому я не знаю, что является причиной проблемы.
Любая помощь очень ценится, спасибо.
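<?php
// Password-change page for a logged-in user.
//
// Flow: require a session, verify the submitted old password against the
// stored digest, check that the two new passwords agree, store the new
// digest, then end the session so the user has to log in again.

// The session must be started before any output is sent; otherwise the
// session cookie header cannot be set unless output buffering is enabled.
session_start();
?>
<html>
<link rel="stylesheet" type="text/css" href="passwordChangeCSS.css">
</html>
<?php
// isset() avoids an "undefined index" notice when nobody is logged in.
$user = isset($_SESSION['firstName']) ? $_SESSION['firstName'] : null;

if ($user) {
    // User is logged in. The form posts back to this same script.
    if (isset($_POST['submit'])) {
        // Read the three fields. A missing field or a non-string value
        // (e.g. oldPassword[]=x, which PHP turns into an array) is treated
        // as an empty string so md5() never receives an array.
        $fields = array();
        foreach (array('oldPassword', 'newPassword', 'RepNewPassword') as $fieldName) {
            $fields[$fieldName] = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName]))
                ? $_POST[$fieldName]
                : '';
        }
        $oldPassword    = $fields['oldPassword'];
        $newPassword    = $fields['newPassword'];
        $RepNewPassword = $fields['RepNewPassword'];

        // NOTE(review): connecting as root with an empty password and
        // hard-coding the credentials is only acceptable on a throwaway
        // local setup; use a dedicated low-privilege account and keep the
        // credentials out of the web root.
        $connectDB = mysqli_connect("localhost", "root", "") or die("cant connect");
        mysqli_select_db($connectDB, "registration"); // database name

        // Prepared statement: the user name is bound as data, never spliced
        // into the SQL text, so a quote in it cannot change the query.
        // NOTE(review): firstName is used as the account key. If two users
        // share a first name, this SELECT and the UPDATE below act on more
        // than one account - a unique user id or login name would be safer.
        $selectStmt = mysqli_prepare($connectDB, "SELECT password FROM users WHERE firstName = ?")
            or die("query didnt work");
        mysqli_stmt_bind_param($selectStmt, "s", $user);
        mysqli_stmt_execute($selectStmt) or die("query didnt work");
        mysqli_stmt_bind_result($selectStmt, $oldPasswordInDB);
        $rowFound = mysqli_stmt_fetch($selectStmt); // true = row, null = no row, false = error
        mysqli_stmt_close($selectStmt);

        // NOTE(review): md5() is a fast, unsalted digest and is not suitable
        // for password storage; password_hash()/password_verify() are the
        // replacement. The switch is not made here because the registration
        // and login code (not visible from this script) must change at the
        // same time, and the password column must be wide enough for the
        // longer hash (255 characters is the documented recommendation).
        $oldPasswordEncrypt = md5($oldPassword);

        // hash_equals() is a strict, constant-time string comparison. The
        // previous loose "==" can treat two different digests that look like
        // numbers (e.g. "0e123..." and "0e456...") as equal.
        // If a correct password is still rejected here, check that the column
        // can hold the full 32-character digest and that the stored value was
        // produced by md5() in the first place - neither is visible here.
        if ($rowFound === true && hash_equals((string) $oldPasswordInDB, $oldPasswordEncrypt)) {
            // The "required" attribute on the form is only a browser hint, so
            // an empty new password is rejected on the server as well.
            if ($newPassword === '') {
                die("New password must not be empty.");
            }

            if ($newPassword === $RepNewPassword) {
                // Both new passwords agree: store the new digest.
                $encryptNewPassword = md5($newPassword);
                $updateStmt = mysqli_prepare($connectDB, "UPDATE users SET password = ? WHERE firstName = ?")
                    or die("query didnt work");
                mysqli_stmt_bind_param($updateStmt, "ss", $encryptNewPassword, $user);
                // Do not report success or log the user out if the write failed.
                mysqli_stmt_execute($updateStmt) or die("query didnt work");
                mysqli_stmt_close($updateStmt);

                session_destroy(); // force a fresh login with the new password
                die("your password has been successfully changed. You will now need to log back in. <a href ='logIn.php'>Return</a> to the Log In page");
            } else {
                // The two new passwords differ; the user has to re-enter them.
                die("New passwords do not match.");
            }
        } else {
            // No row for this user, or the submitted old password is wrong.
            die("Old password do not match");
        }
    } else {
        // Password-change form. The old password field is type='password'
        // so it is masked on screen like the other two fields.
        echo "
<form class='passwordChange' action='' method='POST'>
<h1>Password Change</h1>
Old Password: <input required type='password' name='oldPassword' placeholder='Enter your old password' ><p>
New Password: <input required type='password' name ='newPassword' placeholder='Enter a new password' ><br/>
Repeat new Password: <input required type='password' name ='RepNewPassword' placeholder='Re-enter your new password' ><p>
<input type='submit' name='submit' value= 'Change password'>
</form>
";
    }
} else {
    // The password belongs to an account, so a session is required.
    die("you must be logged in to change you password");
}
?>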