Twizere pacifique 201925800174 update password #36

Open
wants to merge 3 commits into
base: master
53 changes: 53 additions & 0 deletions Script.php
Expand Up @@ -1607,4 +1607,57 @@ function checksize($file)

}

// ################################ Update Password #####################################

if (!empty($_POST["frm_update_password"])) {
//If it fails go back to this location
header("Location: ~/../UpdatePassword.php");
$_SESSION['info_update_password'] ="";
// Getting information form the webpage
$user_id=$_SESSION["user_id"]; // using session is more secure than using forms
$old_password=mysqli_real_escape_string($con,$_POST["old_pwd"]);
$new_password=mysqli_real_escape_string($con,$_POST["new_pwd"]);
$conf_password=mysqli_real_escape_string($con,$_POST["conf_pwd"]);
// Check if the passwords matches
if($conf_password != $new_password){
$_SESSION['info_update_password'] = "Passwords do not match";
return;
}
// Check if the user id exists
$result = mysqli_query($con,
"SELECT * FROM Users_Table WHERE User_ID='$user_id'");
if(mysqli_num_rows($result)==0)
{
$_SESSION['info_update_password'] = "Invalid user information, Please Login again";
return;
}

while($row = mysqli_fetch_assoc($result)) {

$db_password=$row['Password'];
$db_hashed_password=$row['HashPassword'];
$hashed_password=hash('sha512', $old_password);
// Check if the old password is incorect
if (($db_password != $old_password) &&($db_hashed_password != $hashed_password)) {
$_SESSION['info_update_password'] = "The old password is Incorrect";
return;
}

// Update the Password
$hashed_password=hash('sha512', $new_password);
$sql= "UPDATE users_table set HashPassword='$hashed_password' , Password = '$new_password' where User_ID=$user_id;";


if ($con->query($sql) === TRUE)
{
//Notify Password change
error_reporting(0);
$_SESSION["info_login"]=" Password changed successfully , you can login now with your new password ";

//Force the user to login again
header("Location: ~/../logout.php");
} else {
echo "Error: " . $sql . "<br>" . $con->error;
}
}
}
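Review bot: The UPDATE near the end of this block writes the new password in clear text to the `Password` column next to an unsalted `hash('sha512', …)` digest, and both values come from `mysqli_real_escape_string()` output, so a password containing a quote or backslash is hashed in its escaped form. Storing only `password_hash()` output and checking the old password with `password_verify()` removes the plaintext copy and the loose `!=` comparison; the login code is not visible here and would have to verify the same way. The queries should be prepared with bound parameters (`User_ID=$user_id` is interpolated unquoted in the UPDATE), and the `echo "Error: " . $sql …` branch should log instead of printing, because that string contains the new password. The block sits at file scope after `checksize()`, whose body starts outside the hunk.

```php
// … unchanged: Location header, message reset, $user_id from the session …
$old_password  = $_POST["old_pwd"];   // raw input: bound or hashed, never concatenated into SQL
$new_password  = $_POST["new_pwd"];
$conf_password = $_POST["conf_pwd"];
// … unchanged: new/confirm mismatch check …

$stmt = $con->prepare("SELECT HashPassword FROM Users_Table WHERE User_ID = ?");
$stmt->bind_param("s", $user_id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();
if (!$row) {
    $_SESSION['info_update_password'] = "Invalid user information, Please Login again";
    return;
}

// Accept the legacy SHA-512 digest so existing accounts can still change their password.
// NOTE(review): legacy digests may have been computed over the escaped string; confirm against the login code.
$stored = (string) $row['HashPassword'];
$old_ok = password_verify($old_password, $stored)
    || hash_equals($stored, hash('sha512', $old_password));
if (!$old_ok) {
    $_SESSION['info_update_password'] = "The old password is Incorrect";
    return;
}

// Blank the plaintext column until it can be dropped; adjust to the schema.
$new_hash = password_hash($new_password, PASSWORD_DEFAULT);
$stmt = $con->prepare("UPDATE Users_Table SET HashPassword = ?, Password = '' WHERE User_ID = ?");
$stmt->bind_param("ss", $new_hash, $user_id);
if ($stmt->execute()) {
    // … unchanged: success message, redirect to logout.php …
} else {
    error_log("Password update failed: " . $stmt->error);
    $_SESSION['info_update_password'] = "Password could not be updated";
}
```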
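--- a/UpdatePassword.php
+++ b/UpdatePassword.php
@@ -0,0 +1,74 @@
+<?php
+$page='Update Password';
+include 'Header.php';
+//getting the user id
+$user_d=$_SESSION['user_id'];
+?>
+
+<style>
+.col-md-4{
+border-right: 1px solid skyblue;
+}
+</style>
+
+<br>
+
+<div class="row" style="width:80%;margin:auto; text-align:left;">
+<div class="col-md-6">
+<br> Course Portal &gt; Students <br>
+<br><br>
+</div>
+<div class="col-md-6"></div>
+</div>
+
+<div class="row" style="width:80%;margin:auto; text-align:left;">
+<div class="col-md-6">
+
+<h4>Update Password </h4><hr>
+
+<div class="container">
+<!-- Tab panes -->
+<div class="tab-content">
+<div id="home" class="container tab-pane active"><br>
+<form method="post" action="Script.php">
+<input type="hidden" class="form-control " name="frm_update_password" value="true" required=""/>
+<div class="form-group">
+<label for="old_pwd">Old password</label>
+<input type="password" class="form-control" id="old_pwd" name="old_pwd" placeholder="Enter old password" required="">
+</div>
+
+<div class="form-group">
+<label for="old_pwd">New password</label>
+<input type="password" class="form-control" id="new_pwd" name="new_pwd" placeholder="Enter new password" required="">
+</div>
+
+<div class="form-group">
+<label for="old_pwd">Confirm password</label>
+<input type="password" class="form-control" id="conf_pwd" name="conf_pwd" placeholder="Confirm new password" required="">
+</div>
+<div class="form-text text-danger">
+<?php
+//displaying error information returned by the backend
+if(isset($_SESSION['info_update_password']))
+{
+echo $_SESSION['info_update_password'];
+}
+?>
+</div>
+<div class="form-group">
+<input type="submit" class="btn btn-primary" value="Submit"><br>
+</div>
+</form>
+
+<hr>
+
+
+
+</div>
+
+
+
+</div>
+<!-- Tab panes -->
+</div>
+</div>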
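Review bot: The message block inside the form prints `$_SESSION['info_update_password']` unescaped and never clears it, so a stale error stays on the page on later visits until the next submission resets it. Printing it with `echo htmlspecialchars($_SESSION['info_update_password'], ENT_QUOTES, 'UTF-8');` followed by `unset($_SESSION['info_update_password']);` keeps the output safe if a later change ever puts user-supplied text into that message. The form also posts a password change with no anti-CSRF token; the old-password field limits the impact, but a per-session token checked in Script.php would be the usual defence. `$user_d` at the top is assigned and never used, and the page does not itself check that `$_SESSION['user_id']` is set, so it presumably relies on Header.php for that, which is worth confirming.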