0
<?
// Inialize session
session_start();
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username']))
{
header('Location: AdminLogin.php');
}
?>
<html lang="en-GB" xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" href="AdminLogin.css" type="text/css" />
<title>Welcome to ASM Services Inc.</title>
<script type="text/javascript" language=JavaScript>
var message="";
function clickIE()
{
if (document.all)
{(message);return false;}}
function clickNS(e) {if
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
document.oncontextmenu=new Function("return false")
</script>
</head>
<body>
<div class="login">
<?php
require("adminconfig.inc");
$user = $_SESSION['username'];
echo "<form name=form1 method=post>
<table width=100 border=0 align=center>
<tr>
<font size=5 face=Arial color=yellow>Change Password</font>
</tr>
<table>
<tr>
<td><font size=4 face=Tahoma color=yellow>Username:</font></td>
<td><input type=text name='username1' value='$user' size=20 AUTOCOMPLETE = off ></td>
</tr>
<tr>
<td><font size=4 face=Tahoma color=yellow>Password:</font></td>
<td><input type=password name=password size=20 AUTOCOMPLETE = off></td>
</tr>
<tr>
<td><font size=4 face=Tahoma color=yellow>New Password</font></td>
<td><input type=password name=new_pass size=20 AUTOCOMPLETE = off></td>
</tr>
<tr>
<td><font size=4 face=Tahoma color=yellow>Confirm Password:</font>:</td>
<td><input type=password name=con_pass size=20 AUTOCOMPLETE = off></td>
</tr>
</table>
<table>
<tr>
<input type=submit value=Ok name='btnCheck'>
<input type=submit value=Cancel name=btnCancel onClick='this.form.reset()'>
</tr>
</table>
</table>
</form>";
?>
<?php
require("adminconfig.inc");
$user = $_POST['username1'];
$pass = $_POST['password'];
$new_pass = trim($_POST['new_pass']);
$con_pass = trim($_POST['con_pass']);
if(isset($_POST['btnCheck']))
{
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT Log_User, Log_Pass, User_Type FROM LOG_IN WHERE
(Log_User = '" . mysql_real_escape_string($_POST['username1']) . "')
and
(Log_Pass = '" . mysql_real_escape_string($_POST['password']) . "')
and
(User_Type = 'member')")
or die('Query failed: ' . mysql_error() . "<br />\n$sql"); ;
//Check username and password match
if (mysql_num_rows($login) == 1)
{
if(trim('$new_pass') == trim('$con_pass'))
{
$sql=mysql_query("UPDATE log_in SET Log_Pass='$new_pass' where username='$user'");
if(!$sql)
{
echo "fail updating!";
}
else
{
echo "success!";
echo "<script type = text/javascript>";
echo "alert('The new password has been changed successfully.');";
echo "</script>";
}
}
else
{
echo "fail!";
echo "<script type = text/javascript>";
echo "alert('Error. New Password and Confirm Password are not the same. Please make it sure that they are the same.');";
echo "</script>";
}
}
}
?>
</div>
<div class="copyright">
© Copyright 2011 <strong>ASM Services Inc.</strong>
</div>
</body>
</html>
這是我改變用戶密碼的整個代碼。我真的不知道我的代碼有什麼確切的錯誤。每當我更改密碼時,它總是會出現「錯誤。新密碼和確認密碼不一樣」。我的php更改密碼有什麼問題?
這確實是一個 「太本地化」 的問題 –
你存儲在**明文密碼**;這是你的代碼中唯一*最*錯的東西。請參閱:http://stackoverflow.com/questions/401656/secure-hash-and-salt-for-php-passwords – Piskvor
我不會說這是最*錯誤的事情。我個人不介意我的密碼是否以純文本格式存儲。要在一些蹩腳的網站上註冊,我會使用mailinator並且不在乎它的安全性 –