PHP-更新密码页面
我试图创建一个用户可以更改密码的页面,但是我的sql语句有问题,有人能告诉我哪里出了问题吗?这是代码PHP-更新密码页面,php,sql,passwords,Php,Sql,Passwords,我试图创建一个用户可以更改密码的页面,但是我的sql语句有问题,有人能告诉我哪里出了问题吗?这是代码 <?php session_start(); include_once("home_start.php"); require_once("functions.php"); require_once("db_connect.php"); $submit = trim($_POST['submit']); $username = trim($_POST['u
<?php
session_start();
include_once("home_start.php");
require_once("functions.php");
require_once("db_connect.php");
$submit = trim($_POST['submit']);
$username = trim($_POST['username']);
$password = trim($_POST['password']);
$newpassword = trim($_POST['newpassword']);
$repeatnewpassword = trim($_POST['repeatnewpassword']);
if ($username && $password){
session_start();
require_once("db_connect.php");
mysqli_select_db($db_server, $db_database) or die("Couldn't find db");
$username = clean_string($db_server, $username);
$password = clean_string($db_server, $password);
$pass = $_POST[‘password’];
$salt = "$salt1$string$salt2";
$hashpass = md5($pass . $salt);
$query = "SELECT * FROM users WHERE username='$username'";
$result = mysqli_query($db_server, $query);
if($row = mysqli_fetch_array($result)){
$db_username = $row['username'];
$db_password = $row['password'];
if($username==$db_username && salt($password)==$db_password){
$_SESSION['username']=$username;
$_SESSION['logged']="logged";
$querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE
username='$username'") or die(mysql_error());
} else {
$message = "<h1>Incorrect password!</h1>";
}
mysqli_free_result($result);
require_once("db_close.php");
} else {
$message = "<h1>Please enter a valid username/password</h1>";
}
//home_start/end only required if submitting to a separate page
//include_once("home_start.php");
echo $message;
}
?>
<h1>Change Password</h1>
<form id="register" action='password.php' method='POST'>
Username: <input type='text' name='username'><br />
Current Password: <input type='password' name='password'><br />
New Password: <input type='password' name='newpassword'><br />
Repeat New Password: <input type='password' name='repeatnewpassword'><br />
<input type='submit' name='submit' value='Login'> <br />
</form>
<?php include_once("home_close.php"); ?>
当您比较密码进行验证时,我发现您在给定密码上使用了salt。这意味着您在db中已经有一个saltedor加密密码
salt($password)==$db_password
但是,当您将新密码存储到db中时,我没有看到您在上面添加了加密程序salt
UPDATE users SET password='$newpassword'...
因此,当您使用新密码登录时,您将永远无法获得匹配的密码 您可以添加一个比我的sql语句有问题更具描述性的问题描述吗?我不确定我输入的sql语句是否正确。我在第56行收到错误消息警告:无法修改头信息-头已经由/home/cs12jcw/public_html/home_start.php:29 in/home/cs12jcw/public_html/password.php处启动的输出发送,在第56行我的sql语句在第56行。当此代码使用哈希和salt函数时,您正在尝试将密码明文插入数据库。此外,您从不检查$newpassword和$repeatnewpassword是否匹配。在尝试此操作之前,我会先了解现有代码。您还在mysqli_*代码中使用mysql_查询。而且您从未调用以执行查询。请检查您是否没有对会话\u start的多次调用。例如,如果在home\u close.php中调用session\u start,就会出现前面提到的错误。