這是我的代碼,我想更新密碼與給定的新密碼$new_password
,驗證它與$new_password2
並檢查當前給定的密碼是否匹配$old_password
。檢查哈希密碼,並在php
<?php
if (isset($_POST['submit'])) {
//validations
$required_fields = array("username", "old_password", "password", "password2");
validate_presences($required_fields);
$fields_with_max_lengths = array("username" => 30);
validate_max_lengths($fields_with_max_lengths);
if(empty($errors)) {
//process the form
$id = $admin["id"];
$username = mysql_prep($_POST["username"]);
$new_password = password_encrypt($_POST["password"]);
$old_password = password_encrypt($_POST["old_password"]);
$new_password2 = password_encrypt($_POST["password2"]);
您必須給出的兩個密碼必須相互相等才能更改密碼。所有三個密碼都被散列。驗證新密碼需要使用$new_password
和$new_password2
。 $old_password
也必須更新爲$new_password
。如果ID等於數據庫中的編號並且$old_password
與當前的$old_password
匹配,則必須更改它。
if ($new_password == $new_password2) {
//update
$query = "UPDATE admins SET ";
$query .= "username = '{$username}', ";
$query .= "password = '{$new_password}', ";
$query .= "old_password = '{$new_password}', ";
$query .= "password2 = '{$new_password}' ";
$query .= "WHERE id = {$id} ";
$query .= "AND old_password = '{$old_password}' ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
//success
$_SESSION["message"] = "Admin updated.";
redirect_to("manage_admins.php");
} else {
//failure
$_SESSION["message"] = "Admin update failed1";
}
} else {
$_SESSION["message"] = "Admin update failed2";
}
} else {
$_SESSION["message"] = "Admin update failed3";
}
} else {
}
?>
你跑什麼問題? – Nick
什麼是'password_encrypt'?你的意思是[password_hash](http://php.net/manual/en/function.password-hash.php)? – Machavity
它告訴我我有一個錯誤,如果($ new_password == $ new_password2){} –