1. 首頁
  2. 問答
  3. 如果&AND語句在PHP腳本

如果&AND語句在PHP腳本

2012-01-18 72 views
1

我試圖放在一起,用戶可以更新他們的'電子郵件地址'和'密碼'的形式。如果&AND語句在PHP腳本

我想包括下列情形:要留下

  • 如果用戶更改其電子郵件地址,然後我想在現有的「密碼」,「密碼提示」和鹽田其當前值。
  • 如果用戶更改密碼,我需要創建一個新的'salt'值,添加到密碼字段並用sha1加密
  • 最後,如果用戶更改所有字段,則'email adresss','密碼','密碼'提示和'鹽'字段都需要更新。

這是我試圖拼湊代碼:

if (isset($_POST["amendyourdetails"])) 
    { 

$password = $_POST["password"];} 
$confirmpassword = $_POST["confirmpassword"]; 
$passwordhint = $_POST["passwordhint"]; 
if ($password >=0){ 
$salt = uniqid(mt_rand()); 
$encrypted = sha1($password . $salt); 
if ($emailaddress >=0){ 
$emailaddress = $_POST['emailaddress']; 
      mysql_query("UPDATE `userdetails` SET `emailaddress` = '$emailaddress',`password` = '$encrypted', `passwordhint` = '$passwordhint', `salt` = '$salt' WHERE `userid` = 1"); 
      $msg = "Your password has been successfully reset."; 
      } 
      } 
      else if ($password == 0){ 
      if (emailaddress > 0){ 
      mysql_query("UPDATE `userdetails` SET `emailaddress` = '$emailaddress' WHERE `userid` = 1"); 
      $msg = "Your password has been successfully reset."; 
      } 
      } 
      } 
?> 
<html> 
<head> 
<title>Amend Your Details</title> 
<style type="text/css"> 
<!-- 
.style1 {font-family: Calibri 
} 
.style9 { font-family: Calibri; 
    font-size: 24px; 
    background-color: #78AFC5; 
} 
.style7 { 
    font-family: Calibri; 
    font-size: 16px; 
    background-color: #FFFFFF; 
} 
.style10 {color: #FF0000} 
--> 
</style> 
<script src="gen_validatorv4.js" type="text/javascript"></script> 
</head> 
<body> 
<div align="center"><span class="style9">Amend Your Details </span></div> 
<p class="style7"><span class="style10"> 
    <?php 
if (isset($msg)) // this is special section for 
// outputing message 
{ 
?> 
</span> 
<p class="style7"> 
    <span class="style10"> 
    <?=$msg?> 
    </span> 
    <p class="style7"><span class="style10"> 
    <?php 
} 
?> 
    </span> 
    <form name="amendyourdetails" id="amendyourdetails" action="amendyourdetails.php" method="post"> 
    <table width="418" border="1"> 
    <tr> 
     <td width="195"><span class="style1">Email Address:</span></td> 
     <td width="220"><span class="style1"> 
     <input name="emailaddress" type="email" value="<?php echo $emailaddress;?>" size="25"/> 
     </span></td> 
    </tr> 
    <tr> 
     <td><span class="style1">New Password:</span></td> 
     <td><span class="style1"> 
     <input name="password" id="password" type="password" size="30"/> 
     </span></td> 
    </tr> 
    <tr> 
     <td><span class="style1">Confirm New Password:</span></td> 
     <td><span class="style1"> 
     <input name="confirmpassword" id="confirmpassword" type="password" size="30"/> 
     </span></td> 
    </tr> 
    <tr> 
     <td><span class="style1">New Password Hint:</span></td> 
     <td><span class="style1"> 
     <input name="passwordhint" id="passwordhint" type="text" size="30"/> 
     </span></td> 
    </tr> 
    </table> 
    <p> 
    <input name="amendyourdetails" type="submit" value="Amend Your Details"> 
</p> 
</form> 
<script language="JavaScript" type="text/javascript"> 
var frmvalidator = new Validator("amendyourdetails"); 
           frmvalidator.addValidation("emailaddress","email","Please enter a valid email address"); 
          // frmvalidator.addValidation("password","minlen=6", "Minimum length for a password is 6 characters"); 
           frmvalidator.addValidation("confirmpassword","eqelmnt=password", "The confirmed password is not the same as the password"); 
          // frmvalidator.addValidation("passwordhint","req","Please provide a hint for your password"); 
          </script> 
</body> 
</html>

我最大的問題是,一旦頁面運行時,「更新」動作發生,但值從我的'電子郵件地址'和'passwordhint'字段已被刪除,我不知道爲什麼。

更新的代碼

if (isset($_POST["amendyourdetails"])) 
{ 

$emailaddress = $_POST['emailaddress']; 
$password = $_POST["password"];} 
$confirmpassword = $_POST["confirmpassword"]; 
$passwordhint = $_POST["passwordhint"]; 
if ($_POST["password"] isset() 
{ 
$salt = uniqid(mt_rand()); 
$encrypted = sha1($password . $salt); 
mysql_query("UPDATE `userdetails` SET `emailaddress` = '$emailaddress',`password` = '$encrypted', `passwordhint` = '$passwordhint', `salt` = '$salt' WHERE `userid` = 1"); 
$msg = "Your password has been successfully reset."; 
} 
}

來源

2012-01-18 IRHM

+1

如果你可以縮進你的代碼,它會使它更容易閱讀並幫助你 – xbonez 2012-01-18 16:00:16

+1

請閱讀[解析用戶輸入](http://stackoverflow.com/questions/60174/best-way-to -stop-sql -injection-in-php),爲了你的用戶。 – fredley 2012-01-18 16:01:16

+2

你在哪裏聲明'$ emailaddress'?編輯:看來你在聲明它之前使用它。 – Znarkus 2012-01-18 16:01:32

回答

0

你檢測,如果$密碼大於或等於0,如果沒有定義,這將評估爲true。你想檢查$ _POST [「password」] isset()。

來源

2012-01-18 16:05:10 Ilion

+0

嗨,很多thnaks花時間回覆我的文章。我試圖實施你的建議。很明顯,我沒有做正確的事,因爲我收到以下錯誤: '解析錯誤:語法錯誤,意外的T_ISSET在/homepages/2/d333603417/htdocs/development/amendyourdetails.php在19行' 用新代碼更新了我的原始帖子。你可能請看看這個,讓我知道我哪裏出了問題。非常感謝 – IRHM 2012-01-18 18:16:33

+1

就行'if($ _POST [「password」] isset()'應該是'if(isset($ _ POST [「password」]))' – Ilion 2012-01-18 18:58:26

+0

嗨,非常感謝您幫助我解決這個問題。但是,考慮到你和其他人對SQL注入攻擊的描述,我離開了並重新編寫了我的代碼,並且它現在正在工作,非常感謝 – IRHM 2012-01-21 16:12:20

1

你的意思是if(strlen($ password)> = 0){??或isset?

不管結果如何,試試這個:

$password = $_POST['password']; 
$confirmpassword = $_POST['confirmpassword']; 
$passwordhint = $_POST['passwordhint']; 

if(strlen($password) > 0) { 
    $salt = uniqid(mt_rand()); 

    $encrypted = sha1($password.$salt); 
} 

$emailaddress = $_POST['emailaddress']; 

mysql_query("UPDATE `userdetails` SET `emailaddress` = ".((strlen($emailaddress) > 0) ? "'$emailaddress'" : "emailaddress").", `password` = 
     ".((strlen($password) > 0) ? "'$encrypted', `passwordhint` = '$passwordhint', `salt` = '$salt'" : "password")." WHERE `userid` = 1");

但是:從來沒有想過SQL注入?

btw:對不起,我的英語不好。

來源

2012-01-18 16:12:04

+0

SQL注入是一個寫代碼的問題 – Ilion 2012-01-18 16:16:04

+1

我知道,但我只是做了上面的代碼,也許他正在做一些像$ _POST ['emailadress'] = mysql_real_escape_string($ _ Po ...);在代碼提取。 – 2012-01-19 17:21:20

+0

噢,是的,我指的是上面的代碼,而不是指責你。 – Ilion 2012-01-19 19:56:52

相關問題

 相關問題