1. 首頁
  2. 問答
  3. 會員可以更改密碼

會員可以更改密碼

2013-03-18 65 views
0

我已經創建了一個腳本,用戶可以更改密碼。但我得到的錯誤 確認密碼和新密碼犯規的比賽.. 這裏是代碼會員可以更改密碼

<? 
session_start(); 
include 'db.php'; 

if($_POST['username']!="") { 
    $username = $_POST['username']; 
} 
else die("No Username was passed"); 
if($_POST['password']!="") { 
    $password = $_POST['password']; 
} 
else die("No Password was passed"); 
if($_POST['newpassword']!="") { 
    $newpassword = $_POST['newpassword']; 
} 
else die("No NewPassword was passed"); 
if($_POST['confirmnewpassword']!="") { 
    $newpassword = $_POST['confirmnewpassword']; 
} 
else die("No Confirm Password was passed"); 

$username = $_POST['username']; 
$password = $_POST['password']; 
$newpassword = $_POST['newpassword']; 
$confirmnewpassword = $_POST['confirmnewpassword']; 

$result = mysql_query("SELECT password FROM users WHERE username='$username'"); 

    if(!$result){ 
     echo "The username entered does not exist!"; 
    } 
    else 
     if($password != mysql_result($result, 0)){ 
      echo "Entered an incorrect password"; 
      } 

    if($newpassword == $confirmnewpassword){ 
     $sql = mysql_query("UPDATE users SET password = '$newpassword' WHERE username = '$username'");  
    } 

    if(!$sql){ 
     echo "Congratulations, password successfully changed!"; 
    } 
    else{ 
     echo "New password and confirm password must be the same!"; 
    } 

    ?>

這裏表單代碼

<form action="lostpw.php" method="post" name="" id=""> 
              <table width="50%" border="0" align="center" cellpadding="4" cellspacing="0"> 
               <tr> 
                <td width="22%">Username</td> 
                <td width="78%"><input name="username" type="text" id="username" value="<? echo "". $_SESSION['username'] ."" ?>"></td> 
               </tr> 
               <tr> 
                <td width="22%">Old password</td> 
                <td width="78%"><input name="password" type="text" id="password"></td> 
               </tr> 
                <td>New Password</td> 
                <td><input name="newpassword" type="newpassword" value=""></td> 
               </tr> 
               <tr> 
               </tr> 
                <td>Confirm </td> 
                <td><input name="confirmnewpassword" type="confirmnewpassword" value=""></td> 
               </tr> 
               <tr> 
                <td>&nbsp;</td> 
                <td><input type="submit" name="Submit" value="update"></td> 
               </tr> 
               <tr> 
                <td><a href="home.php">Back</a></td> 
               </tr> 
              </table> 
</form>

我在哪裏做錯了。

來源

2013-03-18 Aamir

+0

你有沒有從保護[SQL注入](http://php.net/manual/en/security.database.sql-injection.php )。 – 2013-03-18 03:12:23

+1

1.您確定要在PLAIN TEXT中保存密碼嗎? 2.你知道SQL注入嗎? – Raptor 2013-03-18 03:12:24

+0

你爲什麼要存儲明文密碼? – Blender 2013-03-18 03:12:26

回答

1

你不會在任何不良行爲中停下來。你是不是停止腳本執行後:

if(!$result){ 
     echo "The username entered does not exist!"; 
    } else if($password != mysql_result($result, 0)){ 
     echo "Entered an incorrect password"; 
}

因此:

if($newpassword == $confirmnewpassword){ 
    $sql = mysql_query("UPDATE users SET password = '$newpassword' WHERE username = '$username'");  
}

將始終評估。

另外

if(!$sql){ 
    echo "Congratulations, password successfully changed!"; 
} else { 
    echo "New password and confirm password must be the same!"; 
}

是指:當查詢失敗($sql = false!$sql = true)打印成功消息,否則打印失敗消息。我不認爲這就是你想要的。你可能想要顛倒這兩個塊。

來源

2013-03-18 03:15:42 Shoe

+0

我得到了它的工作thanhs – Aamir 2013-03-18 06:07:56

0

你不應該有感嘆號,這是一個逆變器。這就是說'如果查詢不起作用,恭喜你,否則如果它工作,給出錯誤信息。'以下:

if(!$sql){ 
    echo "Congratulations, password successfully changed!"; 
} 
else{ 
    echo "New password and confirm password must be the same!"; 
}

應該是:

if($sql){ 
    echo "Congratulations, password successfully changed!"; 
} 
else{ 
    echo "New password and confirm password must be the same!"; 
}

來源

2013-03-18 03:16:29

+0

關於$結果行的另一篇文章也是準確的,雖然它沒有回答你的問題。 – 2013-03-18 03:19:40

+0

我havnt以純文本存儲密碼。他們加密存儲在數據庫中的md5 ,,,, – Aamir 2013-03-18 03:27:51

+0

@Aamir:你評論了錯誤的帖子。 ;) – 2013-03-18 03:31:31

相關問題

 相關問題