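PHP - Update password page

Time: 2013-12-27 16:28:50

Tags: php sql passwords

I am trying to create a page where a user can change their password, but there is a problem with my SQL statement. Can someone tell me where I went wrong? Here is the code: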

<?php
  session_start();

  include_once("home_start.php");
  require_once("functions.php");   
  require_once("db_connect.php");

  $submit = trim($_POST['submit']); 
  $username = trim($_POST['username']);
  $password = trim($_POST['password']); 
  $newpassword = trim($_POST['newpassword']);     
  $repeatnewpassword = trim($_POST['repeatnewpassword']); 

  if ($username && $password){ 

    session_start(); 

    require_once("db_connect.php"); 

    mysqli_select_db($db_server, $db_database) or die("Couldn't find db"); 

    $username = clean_string($db_server, $username); 
    $password = clean_string($db_server, $password); 
    $pass = $_POST['password']; 

    $salt = "$salt1$string$salt2"; 
    $hashpass = md5($pass . $salt);

    $query = "SELECT * FROM users WHERE username='$username'"; 
    $result = mysqli_query($db_server, $query); 

    if($row = mysqli_fetch_array($result)){ 
      $db_username = $row['username']; 
      $db_password = $row['password']; 
      if($username==$db_username && salt($password)==$db_password){    
        $_SESSION['username']=$username; 
        $_SESSION['logged']="logged"; 
        $querychange = mysql_query("UPDATE users SET password='$newpassword' WHERE       
  username='$username'") or die(mysql_error());
      } else {
        $message = "<h1>Incorrect password!</h1>";
      }

      mysqli_free_result($result); 
      require_once("db_close.php"); 

    } else { 
      $message = "<h1>Please enter a valid username/password</h1>"; 
    } 

     //home_start/end only required if submitting to a separate page 

    //include_once("home_start.php"); 

    echo $message; 

  }
?>

<h1>Change Password</h1> 

<form id="register" action='password.php' method='POST'>   
  Username: <input type='text' name='username'><br /> 
  Current Password: <input type='password' name='password'><br /> 
  New Password: <input type='password' name='newpassword'><br /> 
  Repeat New Password: <input type='password' name='repeatnewpassword'><br /> 

  <input type='submit' name='submit' value='Login'> <br /> 

</form>

<?php include_once("home_close.php"); ?>  

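1 Answer:

Answer 0: (score: 0)

When you compare to validate the password, I see that you apply the salt to your password. That means you already have the salted (or encrypted) password in the db.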

salt($password)==$db_password

But when you store the new password into the db, I don't see you salting (or encrypting) it.

UPDATE users SET password='$newpassword'...

So when you log in with the new password, it will never match!
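
The fix the answer describes, as an added example that is not part of the original post or answer: the current password is verified and the new one is stored using the same hashing scheme. It swaps the question's `md5`/`salt()` for PHP's `password_hash()`/`password_verify()` and uses mysqli prepared statements; `change_password()` is a hypothetical helper, and the code assumes `users.password` already holds `password_hash()` output and that `db_connect.php` provides `$db_server` as in the question.

```php
<?php
// Added example, not the poster's code. Assumes db_connect.php (from the
// question) provides $db_server and users.password holds password_hash() output.
require_once("db_connect.php");

// change_password() is a hypothetical helper; returns true on success.
function change_password(mysqli $db, $username, $current, $new, $repeat)
{
    if ($new === '' || $new !== $repeat) {
        return false; // new password missing or mistyped
    }

    // Fetch the stored hash with a bound parameter, not string interpolation.
    $stmt = mysqli_prepare($db, "SELECT password FROM users WHERE username = ?");
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $stored_hash);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    // Verify the current password against the stored hash.
    if (!$found || !password_verify($current, $stored_hash)) {
        return false;
    }

    // Hash the NEW password with the same scheme used for verification,
    // so the next login compares like with like.
    $new_hash = password_hash($new, PASSWORD_DEFAULT);

    $stmt = mysqli_prepare($db, "UPDATE users SET password = ? WHERE username = ?");
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, "ss", $new_hash, $username);
    $ok = mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    return $ok;
}

// Passwords are passed as typed: they only ever reach the hash functions.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $changed = change_password($db_server, trim($_POST['username']),
        $_POST['password'], $_POST['newpassword'], $_POST['repeatnewpassword']);
    echo $changed ? "<h1>Password changed</h1>"
                  : "<h1>Incorrect username or password</h1>";
}
```

Rows whose `password` column still holds the older md5-based value will not pass `password_verify()` and need to be re-hashed before this path can be used for them.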