I'm working on a PHP script to reset a user's password. I have an email and a token check setup so that those two must be valid before the user is allowed to reset. So far, everything works up to the point where I insert the password into the database. Here's the code for my PDO (I broke the SQL query at those parts so it's easier to glance over):

try {
    $sql = "UPDATE users 
            SET password=:password, sessionTime=:sessionTime, sessionID=:sessionID 
            WHERE sessionID=:sessionID";
    $update = $con->prepare($sql);
    $update->bindValue("password", hash("sha256", $password . $salt), PDO::PARAM_STR);
    $update->bindValue("sessionID", "0", PDO::PARAM_STR );
    $update->bindValue("sessionTime", "0", PDO::PARAM_STR );
    $update->execute();
    echo "<br /> Successfully updated the password!";
} catch(PDOException $e) {
     throw new Exception('something went wrong with the password reset', 0, $e);  
}

$salt and $password are defined prior to this, and when I run the script, it outputs Successfully updated the password!; however, nothing changes in my database. When I copy and paste the query into phpMyAdmin and change the :name parameters to actual strings, it works perfectly (updating my database) and doesn't return any errors. Also, I'm not getting anything in php_error.log, so I'm not really sure why this isn't working.

Any help would be appreciated, thank you.

1 Answer

Can you run the script with errorInfo like below and report the results:

<?php

try {
    $sql = "UPDATE users 
            SET password=:password, sessionTime=:sessionTime, sessionID=:sessionID 
            WHERE sessionID=:sessionID";
    $update = $con->prepare($sql);
    $update->bindValue("password", hash("sha256", $password . $salt), PDO::PARAM_STR);
    $update->bindValue("sessionID", "0", PDO::PARAM_STR );
    $update->bindValue("sessionTime", "0", PDO::PARAM_STR );
    $update->execute();

    var_dump($update->errorInfo());
    echo "<br /> Successfully updated the password!";
} catch(PDOException $e) {
     throw new Exception('something went wrong with the password reset', 0, $e);  
}

3 Comments

Yup, this is what I got back: array(3) { [0]=> string(5) "00000" [1]=> NULL [2]=> NULL }, along with it saying it worked.
What happens if you echo hash("sha256", $password . $salt); what do you get? Also, I see you are setting 'sessionID' where sessionID = '0'. So you have two placeholders for :sessionID but only bind it once.
The hash returns what it should - I was doing that before for error checking. But the sessionID thing worked! I thought I had defined it earlier, but I forgot you have to bind each time you do this sort of query. It works perfectly now, thank you!
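
Added example, not part of the original thread or the posters' code: the reset query with a separate placeholder for the token being matched and for the value that clears it, judged by the affected-row count, since errorInfo() returned "00000" above even though no row changed. The `resetPassword` helper, the in-memory SQLite table and all sample values are constructed for illustration, and the page's salted SHA-256 is swapped for PHP's built-in `password_hash()`.

```php
<?php
// Constructed schema and sample row; in-memory SQLite so the example runs offline.
$con = new PDO('sqlite::memory:');
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->exec("CREATE TABLE users (email TEXT, password TEXT, sessionID TEXT, sessionTime TEXT)");
$con->exec("INSERT INTO users VALUES ('user@example.test', 'old-hash', 'tok-123', '1700000000')");

/**
 * Hypothetical helper: store a new password for the row holding $token and
 * clear the token in the same statement. Returns true only if one row changed.
 */
function resetPassword(PDO $con, string $token, string $newPassword): bool
{
    // "0" is the value written to cleared rows, so it must never be accepted
    // as a token: it would match every account that has already been reset.
    if ($token === '' || $token === '0') {
        return false;
    }

    // Distinct names: :token selects the row, :clearedID and :clearedTime overwrite it.
    $sql = "UPDATE users
            SET password = :password, sessionTime = :clearedTime, sessionID = :clearedID
            WHERE sessionID = :token";
    $update = $con->prepare($sql);
    // Swapped-in technique: password_hash() generates its own salt and uses a slow hash.
    $update->bindValue(':password', password_hash($newPassword, PASSWORD_DEFAULT), PDO::PARAM_STR);
    $update->bindValue(':clearedTime', '0', PDO::PARAM_STR);
    $update->bindValue(':clearedID', '0', PDO::PARAM_STR);
    $update->bindValue(':token', $token, PDO::PARAM_STR);
    $update->execute();

    // A WHERE clause that matches nothing is not an SQL error, so success is
    // decided by how many rows the statement actually changed.
    return $update->rowCount() === 1;
}

var_dump(resetPassword($con, 'tok-123', 'correct horse battery')); // token present in the table
var_dump(resetPassword($con, 'tok-123', 'another password'));      // same token after it was cleared
var_dump(resetPassword($con, '0', 'another password'));            // the cleared marker itself
```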
