Php 更改mysql表中的密码?
嗨,我的更改密码脚本有问题。我试图允许一个用户在mysql表“ptb_users.password”中更改他们的密码,该表应该存储为md5 当我在表单中点击submit时,我假设它会转到changepassword.php,但是页面是空白的,没有任何响应,我没有收到任何错误 有人能告诉我我哪里出了问题吗,谢谢 这是我的表格:Php 更改mysql表中的密码?,php,html,passwords,Php,Html,Passwords,嗨,我的更改密码脚本有问题。我试图允许一个用户在mysql表“ptb_users.password”中更改他们的密码,该表应该存储为md5 当我在表单中点击submit时,我假设它会转到changepassword.php,但是页面是空白的,没有任何响应,我没有收到任何错误 有人能告诉我我哪里出了问题吗,谢谢 这是我的表格: <?php // CONNECT TO THE DATABASE require('includes/_config/connection.php'); /
<?php
// CONNECT TO THE DATABASE
require('includes/_config/connection.php');
// LOAD FUNCTIONS
require('includes/functions.php');
// GET IP ADDRESS
$ip_address = $_SERVER['REMOTE_ADDR'];
?>
<?php require_once("includes/sessionframe.php");
require('includes/checks.php');
?>
<?php
if (isset ($_GET['to'])) {
$user_to_id = $_GET['to'];
}
?>
<?php
//We check if the form has been sent
if(isset($_POST['subject'], $_POST['message_content']))
{
$subject = $_POST['subject'];
$content = $_POST['message_content'];
//We remove slashes depending on the configuration
if(get_magic_quotes_gpc())
{
$subject = stripslashes($subject);
$content = stripslashes($content);
}
//We check if all the fields are filled
if($_POST['subject']!='' and $_POST['message_content']!='')
{
$sql = "INSERT INTO ptb_messages (id, from_user_id, to_user_id, subject, content) VALUES (NULL, '".$_SESSION['user_id']."', '".$user_to_id."', '".$subject."', '".$content."');";
mysql_query($sql, $connection);
echo "<div class=\"infobox2\">The message has successfully been sent.</div>";
}
}
if(!isset($_POST['subject'], $_POST['message_content']))
if (empty($_POST['subject'])){
$errors[] = 'The subject cannot be empty.';
if (empty($_POST['body'])){
$errors[] = 'The body cannot be empty.';
}
}
{
?>
<form method="post" action="includes/changepassword.php" name="form1" id="form1">
<input type="password" name="oldpassword" id="password" class="subject" placeholder="Old Password">
<input type="password" name="oldpassword" id="password" class="message" placeholder="Old Password">
<input type="password" name="newpassword" id="newpassword" class="message" placeholder="New Password">
<input type="image" src="assets/img/icons/loginarrow1.png" name="submit" id="submit" class="submit">
</form>
这有很多问题
让我们先了解一下基本知识:
不要使用mysql函数。尽可能切换到PDO或mysqli
md5正在走向死亡。请看答案-可以理解的是,您可能在md5中根深蒂固,如果不纠缠每个用户更新他们的pw,您就无法离开
那么你的问题是:
if($password!= mysql_result($result, 0))
您不是在与md5存储的哈希进行比较。应该是这样的:
if(md5($password) != mysql_result($result, 0))
这是:
if($newpassword=$confirmnewpassword)
只是重新分配一个变量。我想你想要
if($newpassword == $confirmnewpassword)
对于输出,您可能需要考虑这里使用的I/OR结构。这可能会被彻底清理,所有这些看起来都过时了。也许只是一个意见
如果你有一个具体的事情要磨练,让我知道,我可能会更新
编辑
整个街区都应该清理干净。类似这样的事情可能会有所帮助:
if(!$result)
{
echo "The username you entered does not exist";
}
else
{
if(md5($password) != mysql_result($result, 0))
{
echo "Current PW does not match what we have";
}
else
{
if($newpassword == $confirmnewpassword)
{
$newpassword=md5($newpassword);
$sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id']."") or die(mysql_error());
if($sql)
{
echo "Thank You. Your Password has been successfully changed.";
}
}
else
{
echo "The new password and confirm new password fields must be the same";
}
}
}
首先,您没有正确检查旧密码(md5存储,纯文本比较…无法工作)
第二,您没有任何confirmpassword设置,因此这也不起作用
有效的方法是:
$password = md5($_POST['password']);
$newpassword = md5($_POST['newpassword']);
$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']." AND password = '".$password."'");
if(!$result)
{
echo "The username you entered does not exist or old password didn't match";
}
else
{
$sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id']."");
}
if($sql)
{
echo "Thank You. Your Password has been successfully changed.";
}
确保您的php.ini文件已打开错误报告和diplay errors,并且您应该开始看到一些错误消息。一个错误:if($newpassword=$confirmnewpassword)
必须是if($newpassword===$confirmnewpassword)
。请了解如何正确格式化代码。首先查看psr-2编码标准,放置die('显示此页面')在之后的第二行,新密码和确认新密码字段必须是samei,并将其清理一点。尝试在相关部分替换上面的代码是的,这可以让用户更改密码,但它不能正确地确认旧密码,即使用户输入了错误的旧密码,它仍然允许用户更改密码。我如何让它在允许用户更改之前确认旧密码?不,它不会让您在输入错误的“旧”密码时更改密码<代码>和密码=“$password.”“
防止出现这种情况您是否尝试过运行该代码,我之所以这么说是因为当我运行该代码时,它可以让我输入我想要的任何旧密码。它还允许用户将新密码框留空,并将密码设置为nothing:/没有看到您选中任何内容;)代码和你的一样愚蠢,它只是在工作(与你的不同)我的密码设置程序完全不同,就我得到你的问题而言,你想知道为什么没有得到任何回应。。这是因为您总是在代码的这一行中结束echo”“我编辑了你的代码,这样它不仅可以工作,而且不再需要说这行了。。。(一个巧合)。如果你想要一个完全不同的解决方案,那么你的问题就是误导。
$password = md5($_POST['password']);
$newpassword = md5($_POST['newpassword']);
$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']." AND password = '".$password."'");
if(!$result)
{
echo "The username you entered does not exist or old password didn't match";
}
else
{
$sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id']."");
}
if($sql)
{
echo "Thank You. Your Password has been successfully changed.";
}
if(isset($_POST['submit']))
{
$email = $_POST['email'];
echo $newpassword = ($_POST['password1']);
echo $confirmpasssword = ($_POST['password2']);
if($newpassword=$confirmpassword)
{
echo $newpassword = md5($newpassword);
echo $result = mysql_query("UPDATE users SET password='$newpassword' WHERE email='$email' ");
}
if($result)
{
echo "Thank You. Your Password has been successfully changed.";
}
else
{
echo "The new password and confirm password fields must be the same";
}
}
can anyone tell me is this correct coding, to change password and store in mysqldb.