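First things first. I know bcrypt is a better option, and I do have code that already encrypts with it, but GoDaddy doesn't support bcrypt. So I have to stick with this version for now. Updating the password in the database.
So I want a form to update/change the user's password. Of course, it doesn't update.
The code is split into parts. The form: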
    <?php
    if(empty($_POST) === false) {
        if(empty($_POST['current_password']) || empty($_POST['password']) || empty($_POST['password_again'])){
            $errors[] = 'All fields are required';
        }else if($bcrypt->verify($_POST['current_password'], $user['password']) === true) {
            if (trim($_POST['password']) != trim($_POST['password_again'])) {
                $errors[] = 'Your new passwords do not match';
            } else if (strlen($_POST['password']) < 6) {
                $errors[] = 'Your password must be at least 6 characters';
            } else if (strlen($_POST['password']) >18){
                $errors[] = 'Your password cannot be more than 18 characters long';
            }
        } else {
            $errors[] = 'Your current password is incorrect';
        }
    }
    if (isset($_GET['success']) === true && empty ($_GET['success']) === true) {
        echo '<p>Your password has been changed!</p>';
    } else {?>
    <h1>Change Password</h1>
    <fieldset>
        <legend>Log In</legend>
        <?php
        if (empty($_POST) === false && empty($errors) === true) {
            $users->change_password($user['id'], $_POST['password']);
            header('Location: change-password.php?success');
        } else if (empty ($errors) === false) {
            echo '<p>' . implode('</p><p>', $errors) . '</p>';
        }
        ?>
        <form action="" method="post">
            <table border="0">
                <tr>
                    <td width="200">
                        Current password:
                    </td>
                    <td>
                        <input type="password" name="current_password">
                    </td>
                </tr>
                <tr>
                    <td>
                        New password:
                    </td>
                    <td>
                        <input type="password" name="password">
                    </td>
                </tr>
                <tr>
                    <td>
                        New password again:
                    </td>
                    <td>
                        <input type="password" name="password_again">
                </tr>
            </table>
            <br>
            <input type="submit" value="Change password">
        </form>
        <?php
        }
        ?>
    </fieldset>
And the PHP code:
    public function change_password($user_id, $password) {
        //global $bcrypt;
        /* Two create a Hash you do */
        $timeNew = time();
        $email_codeNew = hash("sha256", $username + microtime());
        $password_hash = hash("sha256", $password);
        $query = $this->db->prepare("UPDATE `users` SET `password` = ?, `email_code` = ?, `time` = ? WHERE `id` = ?");
        $query->bindValue(1, $password_hash);
        $query->bindValue(2, $email_codeNew);
        $query->bindValue(3, $timeNew);
        $query->bindValue(4, $user_id);
        try{
            $query->execute();
            return true;
        } catch(PDOException $e){
            die($e->getMessage());
        }
    }
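What happens instead? Is there any browser output? Have you checked to make sure everything you think exists actually exists? – DiMono
You've determined that the expected row in the database isn't updated, but what does the code actually do? Are there any error messages? What's in your logs? When you debug it, at what point does it fail? What are the relevant runtime values when that happens? – David
The browser output is empty, neither an error nor success. It shows blank. – patgarci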
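The form in the question checks the current password with `$bcrypt->verify()`, while `change_password()` stores `hash("sha256", $password)`, so the stored value and the check do not share a format. The following is an added example, not code from the post, of one hash/verify pair that both paths could call when bcrypt is unavailable; the class `PasswordStore`, its method names, the iteration count and the storage format are assumptions, and it assumes a PHP version that provides `random_bytes()`, `hash_pbkdf2()` and `hash_equals()`.

```php
<?php
// Added example, not the poster's code. PasswordStore and its methods are
// hypothetical names; ITERATIONS and SALT_BYTES are assumed values.
final class PasswordStore
{
    const ALGO = 'sha256';
    const ITERATIONS = 100000; // assumed work factor; tune for the host
    const SALT_BYTES = 16;

    // Returns "pbkdf2$sha256$<iterations>$<salt_b64>$<hash_b64>" for the password column.
    public static function hash($password)
    {
        $salt = random_bytes(self::SALT_BYTES); // per-user random salt
        $dk = hash_pbkdf2(self::ALGO, $password, $salt, self::ITERATIONS, 0, true);
        return implode('$', ['pbkdf2', self::ALGO, self::ITERATIONS,
            base64_encode($salt), base64_encode($dk)]);
    }

    // Recomputes the derived key from the stored salt and iteration count.
    public static function verify($password, $stored)
    {
        $parts = explode('$', $stored);
        if (count($parts) !== 5 || $parts[0] !== 'pbkdf2' || $parts[1] !== self::ALGO) {
            return false; // unknown or legacy format, e.g. a bare sha256 hex digest
        }
        $iterations = (int) $parts[2];
        $salt = base64_decode($parts[3], true);
        $expected = base64_decode($parts[4], true);
        if ($iterations < 1 || $salt === false || $expected === false) {
            return false; // malformed record
        }
        $actual = hash_pbkdf2(self::ALGO, $password, $salt, $iterations, 0, true);
        return hash_equals($expected, $actual); // constant-time comparison
    }
}

// Constructed sample values, for demonstration only.
$stored = PasswordStore::hash('correct horse battery');
var_dump(PasswordStore::verify('correct horse battery', $stored)); // same format on both paths
var_dump(PasswordStore::verify('wrong password', $stored));
// A value written the way change_password() writes it is rejected by this verifier:
var_dump(PasswordStore::verify('correct horse battery', hash('sha256', 'correct horse battery')));
```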