如果其他人無法使我

Question

我不斷收到我的錯誤，我必須在我的代碼中正確輸入兩個新密碼。那不是我想要的。如果填寫了密碼字段，則應檢查密碼匹配並符合要求。否則，它應該更新配置文件。但它沒有這樣做。 IT仍檢查密碼字段。你能告訴我我的代碼有什麼問題嗎？

<?php 
    if ($post == "yes") { 


    $uppercase = preg_match('@[A-Z]@', $password); 
    $lowercase = preg_match('@[a-z]@', $password); 
    $number = preg_match('@[0-9]@', $password); 

    if (isset($password) && ($password != $password2 || !$uppercase || !$lowercase || !$number || strlen($password) < 8)) { 
    echo "<table class=tablenews><tr><td>There is an error with your passwords. Either they do not match, or your new password does not contain 8 characters, a number, a lower and an upper case letter. Go back and retry again. </td></tr></table>"; 

    } 

    else { 
    $password = generateHash($password); 

    $result = mysql_query("UPDATE users SET avatar='" . $avatar . "' WHERE id='". $_SESSION['user_id'] . "'") 
    or die(mysql_error()); 
    $result = mysql_query("UPDATE users SET u_signature='" . $signature . "' WHERE id='". $_SESSION['user_id'] . "'") 
    or die(mysql_error()); 
    $result = mysql_query("UPDATE users SET u_bio='" . $bio . "' WHERE id='". $_SESSION['user_id'] . "'") 
    or die(mysql_error()); 
    $result = mysql_query("UPDATE users SET u_desc='" . $desc . "' WHERE id='". $_SESSION['user_id'] . "'") 
    or die(mysql_error()); 
    $result = mysql_query("UPDATE users SET u_intro='" . $intro . "' WHERE id='".  $_SESSION['user_id'] . "'") 
    or die(mysql_error()); 
     $result = mysql_query("UPDATE users SET password='" . $password . "' WHERE id='". $_SESSION['user_id'] . "'") 
or die(mysql_error()); 
printf('<script>window.location = "http://www.sw-bfs.com/index.php?siteid=profileedit"</script>'); 
} 

    if (!isset($password)) { 
$result = mysql_query("UPDATE users SET avatar='" . $avatar . "' WHERE id='". $_SESSION['user_id'] . "'") 
or die(mysql_error()); 
$result = mysql_query("UPDATE users SET u_signature='" . $signature . "' WHERE id='". $_SESSION['user_id'] . "'") 
or die(mysql_error()); 
$result = mysql_query("UPDATE users SET u_bio='" . $bio . "' WHERE id='". $_SESSION['user_id'] . "'") 
or die(mysql_error()); 
$result = mysql_query("UPDATE users SET u_desc='" . $desc . "' WHERE id='". $_SESSION['user_id'] . "'") 
or die(mysql_error()); 
$result = mysql_query("UPDATE users SET u_intro='" . $intro . "' WHERE id='". $_SESSION['user_id'] . "'") 
or die(mysql_error()); 



    printf('<script>window.location = "http://www.sw-bfs.com/index.php?siteid=profileedit"</script>'); 

} 


} 

else { 
?> 

<table class="tablenews"> 
<tr><th>Edit your Profile</th></tr> 

<?php 
$userfinalid = $_SESSION['user_id']; 
$prAvatar = get_user_data($userfinalid, avatar); 
$prSignature = get_user_data($userfinalid, signature); 
$prBio = get_user_data($userfinalid, bio); 
$prDesc = get_user_data($userfinalid, desc); 
$prIntro = get_user_data($userfinalid, intro); 
?> 

<br><tr><td> 
<form method="post" action="<?php echo $thispage . "?siteid=profileedit"; ?>&proc=New&post=yes&<?php echo $pagevars; ?>"> 

<?php 

echo '<label for="avatar" class=customlabelname>Avatar Link:</label><br><input type="text" class=customlabel name="avatar" value="' . $prAvatar .'"><br>'; 
echo '<label for="bio" class=customlabelname>User Bio:</label><br><textarea rows="10" cols="40" class=customlabel name="bio">' . $prBio .'</textarea><br>'; 
echo '<label for="desc" class=customlabelname>User Description:</label><br><textarea rows="10" cols="40" class=customlabel name="desc">' . $prDesc .'</textarea><br>'; 
echo '<label for="intro" class=customlabelname>User PM Intro:</label><br><textarea rows="10" cols="40" class=customlabel name="intro">' . $prIntro .'</textarea><br>'; 
echo '<label for="signature" class=customlabelname>User Signature:</label><br><textarea rows="10" cols="40" class=customlabel name="signature">' . $prSignature .'</textarea><br>'; 
echo '<label for="password" class=customlabelname>New Password(Leave Blank if it will be the same):</label><input type=password rows="10" cols="40" class=customlabel name="password"></textarea><br>'; 
echo '<label for="password2" class=customlabelname>ReType Password:</label><input type=password rows="10" cols="40" class=customlabel name="password2"></textarea><br>'; 
echo '<input type=submit value="submit" class=button2>'; 
?> 

</td> 
</tr> 
</table> 
<?php 
} 
    ?> 

Answer 1

if (isset($_POST['password']) ...) { 
    // ... display error 
} 

這意味着如果password鍵時的$_POST陣列中存在，顯示錯誤。我想你的意思是如果password鍵不是存在於$_POST數組中，顯示錯誤。如果你要反轉通過把一個!收到：

if (!isset(...) ...) { 

Answer 2

這是否達成什麼是你想要做的事：

if(isset($password)) { 
    if ($password != $password2 || !$uppercase || !$lowercase || !$number || strlen($password) < 8) { 
     error_log('error'); 
    echo "<table class=tablenews><tr><td>There is an error with your passwords. Either they do not match, or your new password does not contain 8 characters, a number, a lower and an upper case letter. Go back and retry again. </td></tr></table>"; 

    } else { 
     $password = generateHash($password); 

     $result = mysql_query("UPDATE users SET avatar='" . $avatar . "' WHERE id='". $_SESSION['user_id'] . "'") 
     or die(mysql_error()); 
     $result = mysql_query("UPDATE users SET u_signature='" . $signature . "' WHERE id='". $_SESSION['user_id'] . "'") 
     or die(mysql_error()); 
     $result = mysql_query("UPDATE users SET u_bio='" . $bio . "' WHERE id='". $_SESSION['user_id'] . "'") 
     or die(mysql_error()); 
     $result = mysql_query("UPDATE users SET u_desc='" . $desc . "' WHERE id='". $_SESSION['user_id'] . "'") 
     or die(mysql_error()); 
     $result = mysql_query("UPDATE users SET u_intro='" . $intro . "' WHERE id='".  $_SESSION['user_id'] . "'") 
     or die(mysql_error()); 
      $result = mysql_query("UPDATE users SET password='" . $password . "' WHERE id='". $_SESSION['user_id'] . "'") 
     or die(mysql_error()); 
     printf('<script>window.location = "http://www.sw-bfs.com/index.php?siteid=profileedit"</script>'); 
    } 
} 

離開你的代碼的其餘部分相同，只是更換第一，如果/其他。

你的代碼格式可以使用一些清理，你應該真的壓縮mysql查詢。