I am using mysqli and PHP and what I am trying to do is that I want the user to be able to create a new password if they wish to do this.
For a user to change their password, they will enter their username in the “Username” textbox and then type in their new password in the “New Password” textbox.
When the user submits the form, it should look in the database, find the username which matches in the database and update that row so the previous password changes to a new password and it also salts the password for better encryption.
But the problem is that it is not doing this at all. The database is not updating the password at all, never mind salting them and I can’t figure out what I need to do.
Below is my attempt (I have connected to db but just not included that code below):
<?php
// PHP code
session_start();
$salt = "";
for ($i = 0; $i < 40; $i++) {
    $salt .= substr(
        "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
        mt_rand(0, 63),
        1);
}
$username = (isset($_POST['username'])) ? $_POST['username'] : '';
$newpassword = (isset($_POST['newpassword'])) ? $_POST['newpassword'] : '';
if (isset($_POST['submit'])) {
    // don't use $mysqli->prepare here
    $query = "UPDATE Teacher SET TeacherSalt = $salt, TeacherPassword = SHA1(CONCAT($newpassword,$salt)) WHERE TeacherUserName = ?";
    // prepare query
    $stmt=$mysqli->prepare($query);
    // You only need to call bind_param once
    $stmt->bind_param("s",$username);
    // execute query
    $stmt->execute();
    // get result and assign variables (prefix with db)
    $stmt->bind_result($dbTeacherUsername,$dbTeacherPassword);
    while($stmt->fetch()) {
        if ($username == $dbTeacherUsername) {
            $loggedIn = true;
        }
    }
    /* close statement */
    $stmt->close();
    /* close connection */
    $mysqli->close();
}
....
<p>Username</p><p><input type="text" name="username" /></p> <!-- Enter Teacher Username-->
<p>New Password</p><p><input type="password" name="newpassword" /></p> <!-- Enter Teacher Password-->
Below is what the database table currently looks like:
TeacherUsername TeacherPassword TeacherSalt
j.lu fgrfre4r4ffsdfv
So if j.lu wanted to change her password, then she will enter her username and then enter a new password, then this should all be updated in the table above. But it isn’t updating anything.
Thank you
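An added example, not part of the original post or its answers: one way to write the update so that every user-supplied value is a bound parameter (the question's query interpolates $salt and $newpassword into the SQL text unquoted) and the salting is left to password_hash(). The function names are hypothetical; it assumes the open $mysqli connection the question mentions, a unique TeacherUsername, a TeacherPassword column of VARCHAR(255), and that the caller has already authenticated the user.

```php
<?php
// Added example. Assumes $mysqli is an open mysqli connection (as in the
// question) and that TeacherPassword is VARCHAR(255).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Hypothetical helper: store a new hash for one teacher.
// Returns true if exactly one row was updated.
function change_teacher_password(mysqli $mysqli, string $username, string $newPassword): bool
{
    if ($username === '' || $newPassword === '') {
        return false;
    }
    // password_hash() generates a random salt and embeds it in its output,
    // so no separate salt column or mt_rand() loop is needed.
    $hash = password_hash($newPassword, PASSWORD_DEFAULT);

    // Both values are bound parameters; nothing is interpolated into the SQL.
    $stmt = $mysqli->prepare(
        'UPDATE Teacher SET TeacherPassword = ? WHERE TeacherUsername = ?'
    );
    $stmt->bind_param('ss', $hash, $username);
    $stmt->execute();

    // UPDATE returns no result set: check affected_rows, not bind_result()/fetch().
    $updated = ($stmt->affected_rows === 1);
    $stmt->close();
    return $updated;
}

// Hypothetical helper: the login-side check, where bind_result()/fetch() belong.
function verify_teacher_password(mysqli $mysqli, string $username, string $password): bool
{
    $stmt = $mysqli->prepare('SELECT TeacherPassword FROM Teacher WHERE TeacherUsername = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($storedHash);
    $found = $stmt->fetch();   // true on a row, null when no row matched
    $stmt->close();
    return $found === true && password_verify($password, $storedHash);
}

if (isset($_POST['submit'])) {
    $user = (string) ($_POST['username'] ?? '');
    $pass = (string) ($_POST['newpassword'] ?? '');
    echo change_teacher_password($mysqli, $user, $pass)
        ? 'Password updated.'
        : 'No matching user.';
}
```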
You are fetching the username into a variable named $username but you are binding a variable called $teacherusername in bind_param(), which is why the query does not fetch any results. The bind_param code should be: