Q:编辑新密码PHP Mysql
谁来帮我写代码。我创建了一个编辑密码页面,其中包含当前密码、新密码和确认密码。这是我的密码: 编辑_password.phpQ:编辑新密码PHP Mysql,php,mysql,forgot-password,Php,Mysql,Forgot Password,谁来帮我写代码。我创建了一个编辑密码页面,其中包含当前密码、新密码和确认密码。这是我的密码: 编辑_password.php <form action="editpassword_process.php" method="post"> <table> <tr class="form-group has-feedback has-success"> <td><h4>Current Password</h4&g
<form action="editpassword_process.php" method="post">
<table>
<tr class="form-group has-feedback has-success">
<td><h4>Current Password</h4></td>
<td><div class="control-group input-lg"><input type="password" placeholder="" passfield="true" id="currentpassword" name="currentpassword"></div></td> <!-- class="input-sm" required -->
<td><span id="messagebox"></span></td>
</tr>
<tr>
<td><h4>New Password</h4></td>
<td><div class="control-group input-lg"><input type="password" placeholder="" passfield="true" id="newpassword1" name="newpassword1"></div></td> <!-- required class="input-sm" -->
</tr>
<tr>
<td><h4>Confirm Password</h4></td>
<td><div class="control-group input-lg"><input type="password" placeholder="" passfield="true" id="newpassword2" name="newpassword2" onKeyUp="checkPass(); return false;"></div></td> <!-- required class="input-sm" -->
<span id="confirmMessage" class="confirmMessage"></span>
</tr>
</table>
<button class="btn btn-info">Submit</button>
</form>
<?php
include('connection.php');
$currentpw = $_POST['currentpassword'];
$newpw = $_POST['newpassword1'];
$confirmnewpw = $_POST['newpassword2'];
$res = mysql_query("SELECT user_password FROM `tbl_userlist` WHERE userid = '".$_SESSION['userid']."'");
if($currentpw != mysql_result($res, 0)){
echo "You entered an incorrect password";
}
if($newpw = $confirmnewpw){
$sql = mysql_query("UPDATE tbl_userlist SET user_password = '$newpw' WHERE userid = '".$_SESSION['userid']."'");
}
if($sql){
echo "You have successfully changed your password";
}
else{
echo "The new password and confirm pasword fields must be the same";
}
?>
提前感谢您您的代码有一些问题,但我将从您的用户密码没有更新的原因开始。您尚未在代码中的任何位置启动会话。无论您在何处使用会话,都需要从以下内容开始:
session_start();
这应该是你开场后做的第一件事改变以下事情
<?php
session_start(); // Start session as you are using it
include('connection.php');
$currentpw = $_POST['currentpassword'];
$newpw = $_POST['newpassword1'];
$confirmnewpw = $_POST['newpassword2'];
$res = mysql_query("SELECT user_password FROM `tbl_userlist` WHERE userid = '".$_SESSION['userid']."'");
if($currentpw != mysql_result($res, 0)){
echo "You entered an incorrect password";
}
if($newpw = $confirmnewpw){ // Compare using == or ===
$sql = mysql_query("UPDATE tbl_userlist SET user_password = '$newpw' WHERE userid = '".$_SESSION['userid']."'");
// mysql_query("UPDATE tbl_userlist SET user_password = '$newpw' WHERE userid = '".$_SESSION['userid']."'", $connectionVar);
}
if($sql){ // Here You have not executed the query now use $connection->query($sql)
// OR mysql_query($connection,$sql); any other
echo "You have successfully changed your password";
}
else{
echo "The new password and confirm password fields must be the same";
} ?>
运行此代码时:
"UPDATE tbl_userlist SET user_password = '$newpw' WHERE userid = '".$_SESSION['userid']."'"
这意味着您使用会话中的标准userid更新tbl_userlist。如果使用代码session\u start启动会话,则可以使用会话中的值 您有一个sql注入漏洞,这是一个更大的问题。此外,您似乎正在存储纯文本密码,这也是一个非常大的安全漏洞。7年前,大多数人停止使用mysql命令,转而使用mysqli或pdo。如果密码不正确,脚本不会停止执行。您正在分配一个变量,而不是比较它=vs==。您正在以明文形式存储密码。如果您使用了连接变量,请尝试回显错误,如回显mysqli_error$con;检查mysql,这是mysqli连接。检查错误后,有人将能够帮助您。因此,发布您的错误并更正mysql\u query$connectionVariable$sqlQuery@我的好朋友。很高兴它有帮助!
"UPDATE tbl_userlist SET user_password = '$newpw' WHERE userid = '".$_SESSION['userid']."'"