1. 首頁
  2. 問答
  3. PHP函數錯誤不更新密碼,但收到OK消息

PHP函數錯誤不更新密碼,但收到OK消息

2013-01-06 25 views
1

我試圖改變從登錄的用戶的密碼。在網頁上,它說的密碼已更改,但它不會改變,而不是在數據庫中,而不是在所有。我嘗試使用新密碼登錄,但只有舊密碼才能登錄。我確實刷新了頁面和所有內容。我試了幾天,我想知道是否有人會好好地發現我的錯誤。今晚我以爲這可能是因爲密碼是用數據庫上的md5加密的。我會如何繼續,因爲我已經嘗試了一些東西,並沒有工作。PHP函數錯誤不更新密碼,但收到OK消息

error_reporting(E_ALL); ini_set("display_errors","On"); 
<?php include "includes/connection.php" ?> 
<?php 
session_start(); 

if(@$_REQUEST["Submit"]=="Update") 
{ 
$sql="update users set password ='$_REQUEST[newpassword]' where  user='$_SESSION[myusername]'"; 
if (!mysql_query($sql)) die('err: PROBLEM IN QUERY: '.mysql_error()); 
header("Location:changpass.php?msg=updated"); 
} 
else 
die('err: PROBLEM IN REQUEST'); 

?> 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> 
<HTML><HEAD><TITLE>Change password</TITLE> 
<script language="javascript" type="text/javascript"> 
function validate() 
{ 

var formName=document.frm; 

if(formName.newpassword.value == "") 
{ 
document.getElementById("newpassword_label").innerHTML='Please Enter New Password'; 
formName.newpassword.focus(); 
return false; 
} 
else 
{ 
document.getElementById("newpassword_label").innerHTML=''; 
} 


if(formName.cpassword.value == "") 
{ 
document.getElementById("cpassword_label").innerHTML='Enter ConfirmPassword'; 
formName.cpassword.focus(); 
return false; 
} 
else 
{ 
document.getElementById("cpassword_label").innerHTML=''; 
} 


if(formName.newpassword.value != formName.cpassword.value) 
{ 
document.getElementById("cpassword_label").innerHTML='Passwords Missmatch'; 
formName.cpassword.focus() 
return false; 
} 
else 
{ 
document.getElementById("cpassword_label").innerHTML=''; 
} 
} 
</script> 
<style type="text/css"> 
<!-- 
.style1 {font-weight: bold} 
.style7 { 
color: yellow; 
font-size: 24px; 
} 
.style9 { 
color: #FF6666; 
font-weight: bold; 
} 
.style12 { 
color: #666666; 
font-weight: bold; 
} 
.style14 {color: #CC0033; font-weight: bold; } 
--> 
</style> 
<META http-equiv=Content-Type content="text/html; charset=windows-1252"> 
</HEAD> 
<BODY> 

<form action="changpass.php" method="post" name="frm" id="frm" onSubmit="return validate();"> 
<table width="47%" border="1" cellspacing="0" cellpadding="0"> 
<tr> 
<td colspan="2" align="center"></td> 
</tr> 
<tr bgcolor="#666666"> 
<td colspan="2"><span class="style7">Change Password</span></td> 
</tr> 
<?php if(isset($_REQUEST['msg']) && $_REQUEST['msg'] == 'updated') { ?> 
<tr bgcolor="#666666"> 
<td colspan="2"><span class="style7">Password has been changed successfully.</span></td> 
</tr> 
<?php } ?> 
<tr> 
<td bgcolor="#CCCCCC"><span class="style14">New Password:</span></td> 
<td bgcolor="#CCCCCC"><input type="password" name="newpassword" id="newpassword" size="20" autocomplete="off"/>&nbsp; <label id="newpassword_label" 

class="level_msg"></td> 
</tr> 
<tr> 
<td bgcolor="#CCCCCC"><span class="style14">Confirm Password:</span></td> 
<td bgcolor="#CCCCCC"><input type="password" name="cpassword" id="cpassword" size="20" autocomplete="off">&nbsp; <label id="cpassword_label" 

class="level_msg"></td> 
</tr><tr bgcolor="#666666"><td colspan="2" align="center"><input type="submit" name="Submit" value="Update" /></td> 
</tr></table><a href="index.php">Home</a></form></BODY></HTML>`

來源

2013-01-06 learnerNo1

+2

我想你應該使用$ _GET(而不是$ _REQUEST) – pzirkind

+4

檢查'mysql_error()'。 (另外,你在這段代碼中有一個可能的mysql注入) –

+1

@Blauesocke好點,他應該看看這個:http://stackoverflow.com/questions/2555255/how-can-i-protect-this-code- from-sql-injection-a-bit-confused?rq = 1 – pzirkind

回答

2

我增進了你的代碼:

<?php 
    if ($_REQUEST['Submit'] == "Update") 
    { 
     $sql = "UPDATE `users` SET `password`='".$_REQUEST['newpassword']."' WHERE `user`='".$_SESSION['myusername']."'"; 
     mysql_query($sql); 
     header("Location: changpass.php?msg=updated"); 
     exit; 
    } 
?>

若要使用此代碼請確保以下幾點:

1)你有正確的提交按鈕,例如是以下幾點:

<input type="submit" name="Submit" value="Update" />

你有正確的密碼字段2),例子如下:

<input type="password" name="newpassword" value="" />

3)會議已根據關鍵myusername

4被設置)確保你的表字段和名稱都可以。做更多的調試。

如果仍然無法解決,請添加表單代碼以供進一步調查。

編輯

下面是該代碼的一些基本調試目的的解釋,這可能有助於:

<?php 
    if (isset($_REQUEST['Submit']) && $_REQUEST['Submit'] == "Update") 
    { 
     if (!isset($_SESSION['myusername'])) trigger_error("DEBUG: SESSION VARIABLE IS NOT SET"); 
     if (!isset($_REQUEST['newpassword']) || empty($_REQUEST['newpassword'])) trigger_error("DEBUG: NEW PASSWORD IS NOT GIVEN"); 

     $sql = "UPDATE `users` SET `password`='".mysql_real_escape_string($_REQUEST['newpassword'])."' WHERE `user`='".mysql_real_escape_string($_SESSION['myusername'])."'"; 
     $qw = mysql_query($sql); 
     if (!$qw) trigger_error("DEBUG: MYSQL RESPONDED WITH ERROR - ".mysql_error()); 

     header("Location: changpass.php?msg=updated"); 
     exit; 
    } 
?>

UPDATE:調試步驟#1

更改代碼中你的PHP文件,並告訴我們是否顯示任何錯誤消息。

if(@$_REQUEST["Submit"]=="Update") 
{ 
    $sql="update users set password ='$_REQUEST[newpassword]' where  user='$_SESSION[myusername]'"; 
    if (!mysql_query($sql)) die('err: PROBLEM IN QUERY: '.mysql_error()); 
    header("Location:changpass.php?msg=updated"); 
} 
else 
    die('err: PROBLEM IN REQUEST');

來源

2013-01-06 23:47:51 Davit

相關問題

 相關問題