小贝子编程

在mysql表中更改密码



嗨,我的更改密码脚本有问题。我试图允许用户在mysql表"ptb_users.password"中更改密码,假设将其存储为md5。

当我在表单中点击提交时,我假设它会转到changepassword.php,但页面是空白的,没有任何响应,我也没有收到任何错误。

有人能告诉我这个哪里出了问题吗,谢谢

这是我的表格:

<?php 
// CONNECT TO THE DATABASE
    require('includes/_config/connection.php');
// LOAD FUNCTIONS
    require('includes/functions.php');
// GET IP ADDRESS
    $ip_address = $_SERVER['REMOTE_ADDR'];  
?>
  <?php require_once("includes/sessionframe.php"); 
  require('includes/checks.php');
?>

<?php
if (isset ($_GET['to'])) {
$user_to_id = $_GET['to'];
}
?> 
<?php 
//We check if the form has been sent
if(isset($_POST['subject'], $_POST['message_content']))
{
    $subject = $_POST['subject'];
    $content = $_POST['message_content'];
        //We remove slashes depending on the configuration
        if(get_magic_quotes_gpc())
        {
                $subject = stripslashes($subject);
                $content = stripslashes($content);
        }
        //We check if all the fields are filled
        if($_POST['subject']!='' and $_POST['message_content']!='')
        {
            $sql = "INSERT INTO ptb_messages (id, from_user_id, to_user_id, subject, content) VALUES (NULL, '".$_SESSION['user_id']."', '".$user_to_id."', '".$subject."', '".$content."');";
            mysql_query($sql, $connection);
            echo "<div class="infobox2">The message has successfully been sent.</div>";
        }
}

if(!isset($_POST['subject'], $_POST['message_content']))
if (empty($_POST['subject'])){
        $errors[] = 'The subject cannot be empty.';
    if (empty($_POST['body'])){
        $errors[] = 'The body cannot be empty.';
    }
    }
{
?>

<form method="post" action="includes/changepassword.php" name="form1" id="form1">
<input type="password" name="oldpassword" id="password" class="subject" placeholder="Old Password">
<input type="password" name="oldpassword" id="password" class="message" placeholder="Old Password">
<input type="password" name="newpassword" id="newpassword" class="message" placeholder="New Password">
<input type="image" src="assets/img/icons/loginarrow1.png" name="submit" id="submit" class="submit">
</form>

这是我的mysql函数:

<?php
require_once("session.php"); 
require_once("functions.php");
require('_config/connection.php');
?>
<?php 
session_start();
include '_config/connection.php'; 
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];
$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']."");


if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else 
if($password!= mysql_result($result, 0)) 
{ 
echo ""; 
} 
if($newpassword=$confirmnewpassword) 
{
    $newpassword=md5($newpassword);
    $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id'].""); 
}
    if($sql) 
    { 
    echo "Thank You. Your Password has been successfully changed."; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}  
?>

if(isset($_POST['submit']))
{
   $email = $_POST['email'];
   echo $newpassword = ($_POST['password1']);
   echo $confirmpasssword = ($_POST['password2']);
        if($newpassword=$confirmpassword) 
        {
            echo $newpassword = md5($newpassword);
            echo $result = mysql_query("UPDATE users SET password='$newpassword' WHERE email='$email' "); 
        }
                if($result) 
                { 
                echo "Thank You. Your Password has been successfully changed."; 
                }
            else
            { 
            echo "The new password and confirm password fields must be the same"; 
            }  
}
can anyone tell me is this correct coding, to change password and store in mysqldb.

首先,您没有正确检查旧密码(md5存储,明文比较…不起作用)第二,你没有任何确认密码设置,所以这不会工作太

有效的方法是:

$password = md5($_POST['password']);
$newpassword = md5($_POST['newpassword']);
$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']." AND password = '".$password."'");
if(!$result) 
{ 
echo "The username you entered does not exist or old password didn't match"; 
} 
else
{
     $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id'].""); 
}
if($sql) 
{ 
    echo "Thank You. Your Password has been successfully changed."; 
}

这有很多问题。

让我们先把基础知识排除在外:

  1. 不要使用mysql函数。尽可能切换到PDO或mysqli。

  2. md5已经奄奄一息。看到这个答案——可以理解的是,你可能在md5中根深蒂固,如果不纠缠每个用户更新他们的pw,你就无法脱身

那么你的问题是:

if($password!= mysql_result($result, 0))

您没有与md5存储的哈希进行比较。应该是这样的:

if(md5($password) != mysql_result($result, 0))

这个:

if($newpassword=$confirmnewpassword)

只是重新分配一个变量。我想你想要

if($newpassword == $confirmnewpassword)

至于输出,您可能需要考虑您在这里使用的if/else结构。这可能会被大幅清理,所有这些看起来都过时了。也许只是一种意见。

如果你有什么具体的事情需要改进,请告诉我,我可能会更新。

编辑

整个街区都应该清理干净。这样的东西可能会有所帮助:

if(!$result) 
{ 
    echo "The username you entered does not exist"; 
} 
else
{
    if(md5($password) != mysql_result($result, 0)) 
    { 
        echo "Current PW does not match what we have"; 
    }
    else
    {
        if($newpassword == $confirmnewpassword) 
        {
            $newpassword=md5($newpassword);
            $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id']."") or die(mysql_error());
            if($sql) 
            { 
              echo "Thank You. Your Password has been successfully changed."; 
            } 
        }
        else
        { 
            echo "The new password and confirm new password fields must be the same"; 
        }
    } 
}

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium