Jazzy 1012
asked on
Create new password with id in link
<?php
require "connection.php";
if($_GET['id'] != '' && is_numeric($_GET['id']))
{
$id=$_GET['id'];
$query1="UPDATE users set password = '$pass' WHERE id='$id'";
mysqli_query($conn,$query1);
if($query1)
{
header('Location: index.php');
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<link href="//netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css" rel="stylesheet">
<link href = "http://fonts.googleapis.com/css?family=Roboto:400">
<link href="//maxcdn.bootstrapcdn.com/font-awesome/4.2.0/css/font-awesome.min.css" rel="stylesheet">
</head>
<body>
<style>
{
background-color:#fff;
-webkit-font-smoothing: antialiased;
font: normal 14px Roboto,arial,sans-serif;
}
.container {
padding: 25px;
position: fixed;
}
.form-login {
background-color: #EDEDED;
padding-top: 10px;
padding-bottom: 20px;
padding-left: 20px;
padding-right: 20px;
border-radius: 15px;
border-color:#d2d2d2;
border-width: 5px;
box-shadow:0 1px 0 #cfcfcf;
}
h4 {
border:0 solid #fff;
border-bottom-width:1px;
padding-bottom:10px;
text-align: center;
}
.form-control {
border-radius: 10px;
}
.wrapper {
text-align: center;
}
</style>
<div class="container">
<div class="row">
<div class="col-md-offset-5 col-md-3">
<form action="login.php" method="post">
<title> Welcome</title>
<div class="form-login">
<h4>Please enter your new Password</h4>
<input type="password" id="password" name= "password" class="form-control input-sm chat-input" placeholder="password" required />
</br>
<input type="password" id="password" name= "con-password" class="form-control input-sm chat-input" placeholder="Re-enter password" required />
</br>
<div class="wrapper">
<span class="group-btn">
<input type="submit" class= "btn btn-primary btn md" value="Submit" >
</span>
</div>
</div>
</form>
</div>
</div>
</div>
</body>
</html>
I get an email that takes me here, which is a form to write a new password. The URL contains my id, but with this it doesn't update. I guess the id didn't pass or idk, I'm not sure what is wrong.
The problem you'll have with using the ID in the URL is that anyone can call that page, guess at an ID and then change the password to whatever they like. For example, it wouldn't be too difficult to guess the URL and ID format. Very easy to then call
ChangePassword.php?id=12
Your system is then compromised.
There are usually quite a few moving parts to this. To prevent the above problem, you would create some kind of hash key and then send that to the user. If your system only keeps that hash active for, say 1 hour, and validates it against their email, you have a lot more security.
Having said all that, if you want to carry on regardless, take a look at this very simple example of a parameterised query.
if ($stmt = mysqli_prepare($conn, "UPDATE users set password = ? WHERE id= ?")) {
    /* bind your parameters */
    mysqli_stmt_bind_param($stmt, "si", $_POST['password'], $id);
    /* execute query */
    if (mysqli_stmt_execute($stmt))
    {
        /* Success */
    }
    else
    {
        /* Failure */
    }
}
It won't prevent all of the problems I've mentioned but it will at least prevent the SQL injection attacks.
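The expiring-token scheme the answer above describes, sketched in PHP as an added example (it is not part of the original answer or thread). The `password_resets` table, the `email` column and both function names are hypothetical; storing the password with `password_hash()` is an addition here, so the login code would have to check it with `password_verify()`.

```php
<?php
// Added example, not from the thread. Assumed (hypothetical) schema:
//   users(id, email UNIQUE, password VARCHAR(255))
//   password_resets(user_id INT PRIMARY KEY, token_hash CHAR(64), expires_at DATETIME)
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

const RESET_TTL_SECONDS = 3600; // "say 1 hour"

// Returns the token to e-mail in the link, or null if the address is unknown.
function issueResetToken(mysqli $conn, string $email): ?string
{
    $stmt = $conn->prepare("SELECT id FROM users WHERE email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $user = $stmt->get_result()->fetch_assoc();
    if (!$user) {
        return null;
    }
    $userId = (int) $user['id'];
    $token = bin2hex(random_bytes(32));   // 256 random bits: cannot be guessed like id=12
    $tokenHash = hash('sha256', $token);  // only the hash is stored server-side
    $expires = gmdate('Y-m-d H:i:s', time() + RESET_TTL_SECONDS);
    $stmt = $conn->prepare("REPLACE INTO password_resets (user_id, token_hash, expires_at) VALUES (?, ?, ?)");
    $stmt->bind_param("iss", $userId, $tokenHash, $expires);
    $stmt->execute();
    return $token;
}

// Accepts the e-mail and token from the link plus the new password from the form.
function redeemResetToken(mysqli $conn, string $email, string $token, string $newPassword): bool
{
    $tokenHash = hash('sha256', $token);
    $now = gmdate('Y-m-d H:i:s');
    // Consume the token in one statement so it works once, for this e-mail, before expiry.
    $stmt = $conn->prepare(
        "DELETE r FROM password_resets r JOIN users u ON u.id = r.user_id
         WHERE r.token_hash = ? AND u.email = ? AND r.expires_at > ?"
    );
    $stmt->bind_param("sss", $tokenHash, $email, $now);
    $stmt->execute();
    if ($stmt->affected_rows !== 1) {
        return false;                     // unknown, expired, reused, or wrong e-mail
    }
    $pwHash = password_hash($newPassword, PASSWORD_DEFAULT); // never store the raw password
    $stmt = $conn->prepare("UPDATE users SET password = ? WHERE email = ?");
    $stmt->bind_param("ss", $pwHash, $email);
    $stmt->execute();
    return true;
}
```

The reset link then carries the e-mail and the token instead of the numeric id, and the form posts both back with the new password. The page that calls `issueResetToken()` should show the same message whether or not it returned null, so it does not reveal which addresses have accounts.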
ASKER
okay thanks