PHP Password Setting, MySQL Resetting

swain90 · 23 Aug 2017 at 14:12

Hi All,

I've recently setup an xampp web server as I needed some sort of system where users could log into a web page and upload some files to a pc.

I have the login working and I can create new users, however I can't seem to find a way to reset users passwords using mysql through phpmyadmin.

Below is the code taken from my register.php web page where it first process' the users password.

Code:

    // Check input errors before inserting in database
    if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){
       
        // Prepare an insert statement
        $sql = "INSERT INTO users (username, password) VALUES (?, ?)";
       
        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "ss", $param_username, $param_password);
           
            // Set parameters
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
           
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Redirect to login page
                header("location: login.php");
            } else{
                echo "Something went wrong. Please try again later.";
            }
        }
       
        // Close statement
        mysqli_stmt_close($stmt);
    }

I'm guessing here but I think it something to do with how the password is hashed and put into the database?

This is the SQL query I've managed to get working to update the password field in the table, however when I try and login with the new password it doesn't work;
UPDATE `users` SET `password` = PASSWORD('2') WHERE `users`.`id` = 2

Any help would be appreciated, php/mysql isn't my strongest point so please be easy on me

Cheers,

Swain90

Deleted member 77746 · 23 Aug 2017 at 18:15

Don't even bother making your own.. unless this homework. Give own cloud a go, or pydio....

touch · 24 Aug 2017 at 09:28

PHP's password_hash() uses a different hashing algorithm to mysql's PASSWORD() so hashing the same password produces a different result in each and that's why you'll get an error saying the password is wrong.
You'll need to create a php page which can reset a password using password_hash().

swain90 · 24 Aug 2017 at 11:21

touch said:
PHP's password_hash() uses a different hashing algorithm to mysql's PASSWORD() so hashing the same password produces a different result in each and that's why you'll get an error saying the password is wrong.
You'll need to create a php page which can reset a password using password_hash().

Was just coming here to say that's what I've done. All now working!

Code:

    // Check input errors before inserting in database
    if(empty($username_err) && empty($password_err) && empty($confirm_password_err)){

            // Set parameters
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
            $param_username = $username;
        
        // Prepare an insert statement
        $sql = "UPDATE users SET password = ? WHERE username = ?";
        if($stmt = mysqli_prepare($link, $sql)){
            // Bind variables to the prepared statement as parameters
            mysqli_stmt_bind_param($stmt, "ss", $param_password, $param_username);
            
            // Set parameters
            $param_username = $username;
            $param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
            
            // Attempt to execute the prepared statement
            if(mysqli_stmt_execute($stmt)){
                // Redirect to login page
                header("location: login.php");
            } else{
                echo "Something went wrong. Please try again later.";
            }
        }
        // Close statement
        mysqli_stmt_close($stmt);
    }