Php 更改密码页
我对这段PHP代码有困难,对我来说这似乎是合乎逻辑的,但由于我是PHP和MySQL新手,我显然错了。 我正在尝试为作业设置更改密码页面,但我看不出哪里出错,代码如下:Php 更改密码页,php,mysql,Php,Mysql,我对这段PHP代码有困难,对我来说这似乎是合乎逻辑的,但由于我是PHP和MySQL新手,我显然错了。 我正在尝试为作业设置更改密码页面,但我看不出哪里出错,代码如下: session_start(); if(isset($_SESSION['uname'])){ echo "Welcome " . $_SESSION['uname']; } require_once 'PHP/Constants.php'; $conn = new MySQLi(DB_SERVER, DB_USER, D
session_start();
if(isset($_SESSION['uname'])){
echo "Welcome " . $_SESSION['uname'];
}
require_once 'PHP/Constants.php';
$conn = new MySQLi(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die ('There was a problem connecting to the database');
$query = "SELECT * FROM user";
$result = mysqli_query($conn, $query);
while ($pwdReq = mysqli_fetch_array($result)){
if ($pwdReq['Password'] == $_POST['oldPwd']) {
if ($_POST['confPwd'] == $_POST['newPwd']){
$change = "INSERT INTO user(Password) VALUES ('newPwd')";
$pwdChange = mysqli_query($conn, $change);
} else return "The new passwords do not match!";
} else return "Please enter a correct password!";
}
<form method="post" action="">
<h2>Change Password</h2>
<p>
<label for="oldPwd">Old Password:</label>
<input type="password" name="oldPwd" />
</p>
<p>
<label for="newPwd">New Password:</label>
<input type="password" name="newPwd" />
</p>
<p>
<label for="confPwd">Confirm Password:</label>
<input type="password" name="confPwd" />
</p>
<p>
<input type="submit" id="submit" value="Submit" name="submit" />
</p>
</form>
我的页面正文如下:
session_start();
if(isset($_SESSION['uname'])){
echo "Welcome " . $_SESSION['uname'];
}
require_once 'PHP/Constants.php';
$conn = new MySQLi(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die ('There was a problem connecting to the database');
$query = "SELECT * FROM user";
$result = mysqli_query($conn, $query);
while ($pwdReq = mysqli_fetch_array($result)){
if ($pwdReq['Password'] == $_POST['oldPwd']) {
if ($_POST['confPwd'] == $_POST['newPwd']){
$change = "INSERT INTO user(Password) VALUES ('newPwd')";
$pwdChange = mysqli_query($conn, $change);
} else return "The new passwords do not match!";
} else return "Please enter a correct password!";
}
<form method="post" action="">
<h2>Change Password</h2>
<p>
<label for="oldPwd">Old Password:</label>
<input type="password" name="oldPwd" />
</p>
<p>
<label for="newPwd">New Password:</label>
<input type="password" name="newPwd" />
</p>
<p>
<label for="confPwd">Confirm Password:</label>
<input type="password" name="confPwd" />
</p>
<p>
<input type="submit" id="submit" value="Submit" name="submit" />
</p>
</form>
修改密码
旧密码:
新密码:
确认密码:
当页面运行时,我得到的结果如下:
session_start();
if(isset($_SESSION['uname'])){
echo "Welcome " . $_SESSION['uname'];
}
require_once 'PHP/Constants.php';
$conn = new MySQLi(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die ('There was a problem connecting to the database');
$query = "SELECT * FROM user";
$result = mysqli_query($conn, $query);
while ($pwdReq = mysqli_fetch_array($result)){
if ($pwdReq['Password'] == $_POST['oldPwd']) {
if ($_POST['confPwd'] == $_POST['newPwd']){
$change = "INSERT INTO user(Password) VALUES ('newPwd')";
$pwdChange = mysqli_query($conn, $change);
} else return "The new passwords do not match!";
} else return "Please enter a correct password!";
}
<form method="post" action="">
<h2>Change Password</h2>
<p>
<label for="oldPwd">Old Password:</label>
<input type="password" name="oldPwd" />
</p>
<p>
<label for="newPwd">New Password:</label>
<input type="password" name="newPwd" />
</p>
<p>
<label for="confPwd">Confirm Password:</label>
<input type="password" name="confPwd" />
</p>
<p>
<input type="submit" id="submit" value="Submit" name="submit" />
</p>
</form>
注意:C:\Program文件中未定义的索引:oldPwd
第11行的(x86)\xampp\htdocs\Assignment\change\u password.php
提前感谢您为我提供的任何帮助-Nick更改查询以仅为此用户选择字段,使用
WHERE
而不是抓取所有用户。您可能需要将用户名列替换为,其中uname=
。还可以使用mysqli real转义字符串添加一些针对SQL注入的保护。其他人则建议不要使用bcrypt或类似函数以纯文本形式存储密码
<?php
session_start();
if(isset($_SESSION['uname'])){
echo "Welcome " . $_SESSION['uname'];
}
require_once 'PHP/Constants.php';
$conn = new MySQLi(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME) or die ('There was a problem connecting to the database');
//Add following line to prevent injection.
$newPwd = $conn->real_escape_string($_POST['newPwd']);
$oldPwd = $conn->real_escape_string($_POST['oldPwd']);
////Change here:
$query = "SELECT * FROM user WHERE uname = $_SESSION['uname']";
$result = mysqli_query($conn, $query);
while ($pwdReq = mysqli_fetch_array($result)){
if ($pwdReq['Password'] == $oldPwd) {
if ($_POST['confPwd'] == $newPwd){
$change = "INSERT INTO user(Password) VALUES ('$newPwd')";
$pwdChange = mysqli_query($conn, $change);
} else return "The new passwords do not match!";
} else return "Please enter a correct password!";
}
?>
- 在做任何事情之前,一定要检查你的POST值
- 您应该选择与
uname
- 准备查询以避免
SQL
注入
以下是脚本的改进版本:
<?php
session_start();
if(isset($_SESSION['uname'])){
echo "Welcome " . $_SESSION['uname'];
}
if(isset($_POST['oldPwd']) &&
isset($_POST['newPwd']) &&
isset($_POST['confPwd']){
//Values are set
require_once 'PHP/Constants.php';
$conn = new MySQLi(DB_SERVER, DB_USER, DB_PASSWORD, DB_NAME)
or die ('There was a problem connecting to the database');
//Select user from DB where username matches Session
$query = "SELECT * FROM user WHERE uname = ?";
//prepare query
$stmt = mysqli_prepare($conn, $query);
mysqli_stmt_bind_param($stmt, "s", $_SESSION['uname']);
$result = mysqli_stmt_execute($stmt);
$row = mysqli_fetch_assoc($result);
//get the password from DB
$pwdReq = $row['Password'];
if ($pwdReq == $_POST['oldPwd']){
if($_POST['confPwd'] == $_POST['newPwd'])) {
$change = "INSERT INTO user(Password) VALUES (?)";
$stmt = mysqli_prepare($conn, $change);
mysqli_stmt_bind_param($stmt, "s", $_POST['newPwd']);
mysqli_stmt_execute($stmt);
echo "Password has been changed";
} else{
echo "The new password does not match confirmation";
}
}else{
echo "Old password not matching the database";
}
}else{
echo "oldPwd, confPwd, or confPwd is not set";
}
?>
如果未设置oldPwd、confPwd或confPwd
,则需要找出原因。这不再是PHP的错误。您需要查看html并确保脚本接收到这些值不要以纯文本形式存储密码。@SLaks这是一个虚构的网站,所以我当时不认为有必要,但这是我在完成所有操作后准备添加的内容,但感谢您在文件顶部提供的注释添加错误报告错误报告(E_ALL);ini设置(“显示错误”,1);mysqli_报告(mysqli_报告错误| mysqli_报告严格)代码>@Fred ii-我已经尝试过了,但是我仍然得到了同样的信息:-$由于你的formAnswers出现了问题,你可能不会发布旧的pwd,今天没有任何解释值得10+以上的投票,只是我没有。这里有一个解释,我在我的评论中做了一个解释:OPut it it it it your code。灰显注释通常会丢失。顺便说一下,这对SQL注入是开放的。最好把这件事告诉OP。感谢你们所有的帮助,但是它仍然不能识别旧的pwdt索引。非常感谢,因为我是新手,我需要一段时间才能意识到应该是自动的