php update password in php

1. // begin HTML form
2. <!DOCTYPE html>
3. <html lang="en">
4. <head>
5.     <meta charset="UTF-8">
6.     <meta name="viewport" content="width=device-width, initial-scale=1.0">
7.     <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/css/bootstrap.min.css" integrity="sha384-TX8t27EcRE3e/ihU7zmQxVncDAy5uIKz4rEkgIXeMed4M0jlfIDPvg6uqKI2xXr2" crossorigin="anonymous">
8.     <title>passwords</title>
9. </head>
10. <body>
11. <div class="container">
12. <h1 class="text-center">login</h1>
13.  
14. <form action="login.php" method="post">
15.   <div class="form-group">
16.     <label for="exampleInputEmail1">username</label>
17.     <input type="text" class="form-control" name="username" aria-describedby="emailHelp">
18.   </div>
19.   <div class="form-group">
20.     <label for="exampleInputPassword1">Password</label>
21.     <input type="password" class="form-control" name="password">
22.   </div>
23.   <button type="submit" class="btn btn-primary">Submit</button>
24. </form>
25. </div>
26.  
27. <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
28. <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.5.3/dist/js/bootstrap.bundle.min.js" integrity="sha384-ho+j7jyWK8fNQe+A12Hb8AhRq26LrZ/JpcUGGOn+Y7RsweNrtN/tE3MoK7ZeZDyx" crossorigin="anonymous"></script>  
29. </body>
30. </html>
31.  
32. // end HTML form
33.  
34. // begin PHP processing page
35. <?php
36.  
37. // check to make sure the form has been submitted (POST request)
38. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
39.  
40. // submitted form data
41. $postName = $_POST['username'];
42. $postPassword = $_POST['password'];
43.  
44. echo "The username submitted is: " . $postName . "<br>";
45. echo "The password submitted is: " . $postPassword . "<br>";
46.  
47. // hash the password and assign to variable "$HashedPassword"
48. $HashedPassword=password_hash($postPassword, PASSWORD_DEFAULT);
49. echo "The HASHED password is: " . $HashedPassword . "<br>";
50.  
51. // "MD5" password and assign to variable "$md5Password"
52. $md5Password=md5($postPassword);
53. echo "The MD5 password is: " . $md5Password . "<br><br>";
54.  
55. } else{
56.     echo "only post requests are allowed";
57. }
58.  
59. // set up database connection
60. $servername = "localhost";
61. $username = "root";
62. $password = "";
63.  
64. try {
65.   $conn = new PDO("mysql:host=$servername;dbname=passwords", $username, $password);
66.   // set the PDO error mode to exception
67.   $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
68. } catch(PDOException $e) {
69.   echo "Connection failed: " . $e->getMessage();
70. }
71.  
72. // check to see if user exists
73. $stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
74. $stmt->execute([$postName]);
75. $user = $stmt->fetch();
76.  
77. // check for plain text password
78. if ($user && ($postPassword === $user['password']))
79. {
80.     echo "valid, plaintext" . "<br>";
81.     // now update the database with hashed password
82.     updatePassword($HashedPassword, $user['id']);
83. } else{
84.     // now check if the password is in MD5 format
85.     if ($user && ($md5Password == $user['password']))
86.     {
87.         echo "valid, MD5" . "<br>";
88.      // now update the database with hashed password
89.      updatePassword($HashedPassword, $user['id']);
90.     } else {
91.         // finally, check if password is hashed
92.         if ($user && password_verify($postPassword, $user['password']))
93.         {
94.             echo "valid, hashed" . "<br>";
95.         } else {
96.             echo "invalid password";
97.         }
98.     }
99. }
100.  
101.  
102.  
103. function updatePassword($newPassword, $userId){
104.     global $conn;
105.     $sql = "UPDATE users SET password=? WHERE id=?";
106.     $stmt= $conn->prepare($sql);
107.     $stmt->execute([$newPassword, $userId]);
108.     echo "password has been updated";
109. }
110.  
111. ?>
112.  
113.  
114. // begin MYSQL to create database used with this paste:
115. -- phpMyAdmin SQL Dump
116. -- version 5.0.2
117. -- https://www.phpmyadmin.net/
118. --
119. -- Host: 127.0.0.1
120. -- Generation Time: Oct 22, 2020 at 01:14 AM
121. -- Server version: 10.4.11-MariaDB
122. -- PHP Version: 7.4.5
123.  
124. SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
125. START TRANSACTION;
126. SET time_zone = "+00:00";
127.  
128.  
129. /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
130. /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
131. /*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
132. /*!40101 SET NAMES utf8mb4 */;
133.  
134. --
135. -- Database: `passwords`
136. --
137.  
138. -- --------------------------------------------------------
139.  
140. --
141. -- Table structure for table `users`
142. --
143.  
144. CREATE TABLE `users` (
145.   `id` int(11) NOT NULL,
146.   `username` varchar(255) NOT NULL,
147.   `password` varchar(255) NOT NULL
148. ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
149.  
150. --
151. -- Dumping data for table `users`
152. --
153.  
154. INSERT INTO `users` (`id`, `username`, `password`) VALUES
155. (1, 'user1', 'password'),
156. (2, 'user2', '5f4dcc3b5aa765d61d8327deb882cf99'),
157. (3, 'user3', '$2y$10$Wk9ge/TJAQqwb3wbhOTryeSWdFo6GaAc.dks05LG2esFBDTqWZsFu');
158.  
159. --
160. -- Indexes for dumped tables
161. --
162.  
163. --
164. -- Indexes for table `users`
165. --
166. ALTER TABLE `users`
167.   ADD PRIMARY KEY (`id`);
168.  
169. --
170. -- AUTO_INCREMENT for dumped tables
171. --
172.  
173. --
174. -- AUTO_INCREMENT for table `users`
175. --
176. ALTER TABLE `users`
177.   MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=4;
178. COMMIT;
179.  
180. /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
181. /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
182. /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
183.