0

I have the following code,I have created a form for attemting a scheme of changing the password for the user. i have hashed my password and stored it in the database. Now in the database it looks like, "980a3a0b40df9a1". Whenever i enter the changed password in the form it throws an error of in-correction. I have to enter the complete hashed password for it. I want to know how can i get the unhashed passwords for form?

<?php 
session_start();
include_once("../includes/connection.php"); 
$msg = '';  
//posting variables!
if(isset($_POST['old_password']) && isset($_POST['n_password']) && isset($_POST['new_password'])){
    $old_pass = mysql_real_escape_string($_POST['old_password']);
    $password = mysql_real_escape_string($_POST['n_password']);
    $new_pass = mysql_real_escape_string($_POST['new_password']);
    //defining session variable
    if (isset($_SESSION['user_name'])){
        $username = $_SESSION['user_name'];
        // Passing and reading up the password
        $query_pass  = "SELECT * ";
        $query_pass .= "FROM users ";
        $query_pass .= "WHERE user_name = '".$_SESSION['user_name']."' ";
        $query_pass .= "LIMIT 1";

        $result_set = mysql_query($query_pass) or die(mysql_error());
        $pass_rows = mysql_num_rows($result_set) or die (mysql_error());
        //reading elements row by row.

        //$pass_set  = mysql_fetch_array($pass_rows);
        while ($pass_set = mysql_fetch_array($result_set)){
            $pass_set['user_id'];
            $pass_set['user_name'];
            $pass_set['user_pass'];
            // validating.
            if(empty($old_pass)|| empty($password)|| empty($new_pass)){
                $msg = "ALL THE FIELDS ARE REQUIRED"; 
            }
            else if ($pass_set['user_pass']!=$old_pass)
            {
                $msg = "PASSWORD DID'NT MATCH!";  
            }
            else if ($password != $new_pass)
            {
                $msg = "NEW PASS DID'NT MATCH!";
            }
            else if ($new_pass == $old_pass)
            {
                $msg = "CAN NOT MATCH THE OLD PASSWORD";
            }
            else
            {
                //if the password is accepted than hashing it.
                $salt = time();
                $hashedPassword = sha1($new_pass . $salt);
                //updating the hashed password.
                $change_pass  = "UPDATE users ";
                $change_pass .= "SET user_pass = '".$hashedPassword."' ";
                $change_pass .= "WHERE user_name = '".$_SESSION['user_name']."' ";
                $change_pass .= "LIMIT 1 ";

                $pass_query = mysql_query($change_pass) or die (mysql_error());
                //checking query
                if ($pass_query)
                {
                    $msg = "Password Changed";
                }
                else
                {
                    $msg = "Invalid"; 
                }
            }
        }
    }
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Example form</title>
<style type="text/css">
.container1 {
    width: 500px;
    clear: both;
}
.container1 input {
    width: 100%;
    clear: both;
}
</style>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="style.css" />
<title>Change Password</title>
</head>
<body>
<div id="container">
    <div id="header">
        <h1 style="text-align:left">Quality Management<span class="off"> Cell</span></h1>
    </div>   
    <div id="menu">
        <ul>
            <li class="menuitem"><a href="cms.php">Home</a></li>
            <li class="menuitem"><a href="cms-attendance.php">Attendance</a></li>
            <li class="menuitem"><a href="cms-courses.php">Courses</a></li>
            <li class="menuitem"><a href="cms-settings.php">Settings</a></li>
        </ul>
        <a style="text-align:right" href="cms-logout.php">Logout</a>
    </div>
    </div>        
    <div id="content" align="justify">
    <div id="content_top"></div>
    <div id="content_main">
<div id="wrapper">             
<?php
$current_page = $_SERVER['PHP_SELF'];
?>
<form class="login-form" method ="post" action="<?php echo $current_page; ?>">
      <label for="password">Old Password:</label>
      <input name="old_password"/><br /><br />
      <label for="password">New Password:</label>
      <input name="n_password"/><br /><br />
      <label for="password">Confirm new Password:</label>
      <input name="new_password"/><br />
       <p>
        <br />
        <input class="button" name="submit" type="Submit" value="Done"/>
  </form>
  <?php echo $msg;?>
<p>&nbsp;</p>
<p>&nbsp;</p>
<div id="content_bottom"></div>
  </div>
</div>
</body>
</html>
2
Contributors
2
Replies
23
Views
3 Years
Discussion Span
Last Post by engrjd91
0

You can use 'crypt'

$hashed_password = crypt($password); <- storing

$hashed_password = crypt($password,$row->password); <-validating

0

I want to read my password here. Because the hashed password is stored in the database. I want to compare my provided password's hash to the hash password stored in database.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.