I am doing a password reset page for my website and when a user puts a new password on the it goes to the PHP with this code:
Until now I cannot make the php compare the two new entered passwords to verify if they are equal or not, it simply jumps over that part.
P.S. don't mind the $senha = md5($password) it is like this for easy troubleshoot on localhost (MAMP).
<?php
session_start();
include("connectivity.php");
$user_id = $_SESSION['ResetUtilizadorID'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$sql = mysqli_query($conn, "SELECT FROM usuarios WHERE id ='".$user_id."'");
$password = $password1;
$senha = md5($password);
$adminID = $_SESSION['usuarioNiveisAcessoId'];
if (strpos($user_id,$adminID) == true) {
$_SESSION['avisoReset'] = "WARNING: Not possible to change admin passoword.";
header('Location: ../login/reset_password.php');
} else {
while ($row = mysqli_fetch_array($query)) {
if ($senha == $row['senha']){
$_SESSION['avisoReset'] = "Password already taken";
header('Location: ../login/reset_password.php');
} else {
if ($_POST['password1'] !== $_POST['password2']){
$_SESSION['avisoReset'] = "Passwords are not equal";
header('Location: ../login/reset_password.php');
} else {
mysqli_query($conn, "UPDATE usuarios SET senha = '".$senha."' WHERE id='".$user_id."'");
$sql = 'SELECT * FROM usuarios';
$query = mysqli_query($conn, $sql);
if (!$query) {
die ('SQL Error: ' . mysqli_error($conn));
}
$_SESSION['avisoReset'] = "New password set";
//header('Location: ../login/reset_password.php');
}
}
}
}
?>
Aucun commentaire:
Enregistrer un commentaire