0

Hello, I found this script and have used it for my login system.

http://www.wikihow.com/Discussion:Create-a-Secure-Login-Script-in-PHP-and-MySQL

I have changed some variables but none the less its the same.

I am trying to create a reset password script here is what i tried so far:

function resetPassword(){

    //Main Info
    $id = $_POST['id']; 
    $email = $_POST['email']; 
    $pass= $_POST['password'];
    //salt and pass info
    $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));
    $password = hash('sha512', $pass.$random_salt);
    //Run the Query
    $update_stmt = $mysqli->prepare("UPDATE members SET password='$password' AND salt='$random_salt' WHERE id = ?");
    $update_stmt->bind_param('s', $id);
    if($update_stmt->execute()) {
    if(login($email, $password, $mysqli) == true) {
        header('Location: ../signin.php?pass=1'); 
        }else {
        header('Location: ../passreset.php?error=1'); 
        }
    }
}

but its not updating the password in the database. I have it in a functions.php page to enable it to work and be called. any ideas why its not working?

3
Contributors
3
Replies
21
Views
3 Years
Discussion Span
Last Post by patk570
1
UPDATE members SET password='$password', salt='$random_salt' WHERE id = ?

The AND is messing it up, thus the query fails.

0

Ahh thanks pritaeas!, Sikander, mysql is outdated and will not use it. I perfer mysqli or PDO Thanks though.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.