Hi
I'm working on a simple script to change your password but ran into a little problem. My problem is if i were to put the wrong username in and fill in the rest of the fields, it will still say Password has been successfully updated. Any idea how i can fix this problem? but if i put the right info in it will change the password thanks.\
<?php
$error_message="";
require("common.php");
$minimum_length = 8;
if(!empty($_POST))
{
if(empty($_POST['username']))
{
$error_message="Please enter a Username.";
}
else
{
if(empty($_POST['lastname']))
{
$error_message="Please enter a Lastname.";
}
else
{
if(empty($_POST['zipcode']))
{
$error_message="Please enter a Zip Code/Postal Code.";
}
else
{
if(empty($_POST['email']))
{
$error_message="Please enter a Email Address.";
}
else
{
if(empty($_POST['password']))
{
$error_message="Please enter a Password.";
}
else
{
if (strlen($_POST['password']) < $minimum_length) {
$error_message="Password needs to be 8 characters or longer.";
}
else
{
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_POST['password'] . $salt);
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
$query_params = array(
':password' => $password,
':salt' => $salt,
':username' => $_POST['username'],
);
$query = "
UPDATE users
SET
password = :password,
salt = :salt
WHERE
username = :username
";
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
die("Failed to run query: " . $ex->getMessage());
}
$error_message="Password has been successfully updated.";
}
}
}
}
}
}
}
?>
