Warning: file_get_contents(/data/phpspider/zhask/data//catemap/1/php/275.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
PHP-更新密码页面_Php_Sql_Passwords - Fatal编程技术网
Fatal编程技术网
  • php/
  • PHP-更新密码页面

PHP-更新密码页面

php sql passwords

PHP-更新密码页面,php,sql,passwords,Php,Sql,Passwords,我试图创建一个用户可以更改密码的页面,但是我的sql语句有问题,有人能告诉我哪里出了问题吗?这是代码 <?php session_start(); include_once("home_start.php"); require_once("functions.php"); require_once("db_connect.php"); $submit = trim($_POST['submit']); $username = trim($_POST['u

我试图创建一个用户可以更改密码的页面,但是我的sql语句有问题,有人能告诉我哪里出了问题吗?这是代码

<?php
  session_start();

  include_once("home_start.php");
  require_once("functions.php");   
  require_once("db_connect.php");

  $submit = trim($_POST['submit']); 
  $username = trim($_POST['username']);
  $password = trim($_POST['password']); 
  $newpassword = trim($_POST['newpassword']);     
  $repeatnewpassword = trim($_POST['repeatnewpassword']); 

  if ($username && $password){ 

    session_start(); 

    require_once("db_connect.php"); 

    mysqli_select_db($db_server, $db_database) or die("Couldn't find db"); 

    $username = clean_string($db_server, $username); 
    $password = clean_string($db_server, $password); 
    $pass = $_POST[‘password’]; 

    $salt = "$salt1$string$salt2"; 
    $hashpass = md5($pass . $salt);

    $query = "SELECT * FROM users WHERE username='$username'"; 
    $result = mysqli_query($db_server, $query); 

    if($row = mysqli_fetch_array($result)){ 
      $db_username = $row['username']; 
      $db_password = $row['password']; 
      if($username==$db_username && salt($password)==$db_password){    
        $_SESSION['username']=$username; 
        $_SESSION['logged']="logged"; 
        $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE       
  username='$username'") or die(mysql_error());
      } else {
        $message = "<h1>Incorrect password!</h1>";
      }

      mysqli_free_result($result); 
      require_once("db_close.php"); 

    } else { 
      $message = "<h1>Please enter a valid username/password</h1>"; 
    } 

     //home_start/end only required if submitting to a separate page 

    //include_once("home_start.php"); 

    echo $message; 

  }
?>

<h1>Change Password</h1> 

<form id="register" action='password.php' method='POST'>   
  Username: <input type='text' name='username'><br /> 
  Current Password: <input type='password' name='password'><br /> 
  New Password: <input type='password' name='newpassword'><br /> 
  Repeat New Password: <input type='password' name='repeatnewpassword'><br /> 

  <input type='submit' name='submit' value='Login'> <br /> 

</form>

<?php include_once("home_close.php"); ?>
当您比较密码进行验证时,我发现您在给定密码上使用了salt。这意味着您在db中已经有一个saltedor加密密码

salt($password)==$db_password
但是,当您将新密码存储到db中时,我没有看到您在上面添加了加密程序salt

UPDATE users SET password='$newpassword'...
因此,当您使用新密码登录时,您将永远无法获得匹配的密码

您可以添加一个比我的sql语句有问题更具描述性的问题描述吗?我不确定我输入的sql语句是否正确。我在第56行收到错误消息警告:无法修改头信息-头已经由/home/cs12jcw/public_html/home_start.php:29 in/home/cs12jcw/public_html/password.php处启动的输出发送,在第56行我的sql语句在第56行。当此代码使用哈希和salt函数时,您正在尝试将密码明文插入数据库。此外,您从不检查$newpassword和$repeatnewpassword是否匹配。在尝试此操作之前,我会先了解现有代码。您还在mysqli_*代码中使用mysql_查询。而且您从未调用以执行查询。请检查您是否没有对会话\u start的多次调用。例如,如果在home\u close.php中调用session\u start,就会出现前面提到的错误。