我正在编写一个PHP文件,允许用户更改密码,但我遇到了一个奇怪的问题。我需要旧密码来确认帐户和新密码。如果凭据是正确的,此页面总是向我返回用户的密码不正确,因此在第12行"旧密码错误"中返回echo。如果我在pgAdmin查询工具中启动"select*from utente"来查看密码,我不会在密码框中看到任何更改。然后,如果我回到表格更改密码,如果我在旧密码框中输入我以前想更改的新密码,但由于以前没有识别出旧密码,所以似乎没有被接受,那么程序就成功了。我发誓我不明白为什么。我以为这是md5中的一个错误,但它也不适用于sha1。我知道两者都不安全,但现在我不得不使用其中一个。我该如何解决?提前感谢
<?php
$dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
or die('Could not connect:' . pg_last_error());
if(!(isset($_POST['changeButton']))){
header("Location: utente.php");
}else{
$email = $_COOKIE["cookieEmail"];
$oldPassword = sha1($_POST['oldpassword']);
$q1="select * from utente where email = $1 and password = $2";
$result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Old password wrong</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
$newPassword = sha1($_POST['newpassword']);
$q2 = "update utente set password=$1 where email=$2";
$result=pg_query_params($dbconn, $q2, array($newPassword, $email));
if($result==true){
$q3="select * from utente where email = $1 and password = $2";
$result=pg_query_params($dbconn,$q3,array($email, $newPassword));
if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Error</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
header("Location: utente.php");
}
}else{
echo "<h1>Error 2</h1>
<a href=formCambiaPassword.php>Click here</a>";
}
}
}
?>
当if语句应该检查false时,它正在查找true。
if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
您的代码应该如下:
<?php
$dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
or die('Could not connect:' . pg_last_error());
if(!(isset($_POST['changeButton']))){
header("Location: utente.php");
}else{
$email = $_COOKIE["cookieEmail"];
$oldPassword = sha1($_POST['oldpassword']);
$q1="select * from utente where email = $1 and password = $2";
$result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Old password wrong</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
$newPassword = sha1($_POST['newpassword']);
$q2 = "update utente set password=$1 where email=$2";
$result=pg_query_params($dbconn, $q2, array($newPassword, $email));
if($result==true){
$q3="select * from utente where email = $1 and password = $2";
$result=pg_query_params($dbconn,$q3,array($email, $newPassword));
if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Error</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
header("Location: utente.php");
}
}else{
echo "<h1>Error 2</h1>
<a href=formCambiaPassword.php>Click here</a>";
}
}
}
?>