<?php
require 'db.php';
session_start();
$current_pass = $_POST['currentpassword'];
$new_password = $_POST['newpassword'];
$confirm_password = $_POST['confirmpassword'];
$current_pass = $mysqli->escape_string(password_hash($_POST['currentpassword'], PASSWORD_BCRYPT));
$result = $mysqli->query("SELECT password FROM users WHERE email='$email' AND hash='$hash'");
if(!$result){
echo"User doesn't exist!!";
}
else{
//Make sure form is submitted with post method
if($_SERVER['REQUEST_METHOD'] == 'POST'){
//See if password equals currentpassword
if($_SESSION['pass'] == $_POST['currentpassword']){
//See if newpassword equals confirmpassword
if($_POST['newpassword'] == $_POST['confirmpassword'] ){
$new_password = $mysqli->escape_string(password_hash($_POST['newpassword'], PASSWORD_BCRYPT));
$sql = "UPDATE users SET password='$new_password' WHERE email='$email'";
if( $mysqli->query($sql)){
echo "Your password has been reset successfully!!";
}
}
else{
echo "Passwords don't match. Please enter again";
}
}
else{
echo "Wrong Password. Please Enter again";
}
}
}
?>
<!DOCTYPE html>
<html>
<head>
<title>RESET PASSWORD</title>
</head>
<body>
<div class="form">
<h1>Reset your password</h1>
<form action="reset.php" method="post">
<div class="field-wrap">
<label>
Enter Current Password<span class="req">*</span>
</label>
<input type="password" name="currentpassword" autocomplete="off">
</div>
<br><br>
<div class="field-wrap">
<label>
Enter New Password<span class="req">*</span>
</label>
<input type="password" name="newpassword" autocomplete="off">
</div>
<div class="field-wrap">
<label>
Confirm New Password<span class="req">*</span>
</label>
<input type="password" name="confirmpassword" autocomplete="off">
</div>
<a href="profile.php"><button class="button button-block"/>Change Password</button></a>
</div>
</body>
</html>
显示错误注意:未定义的索引:各种行上的C:\ Apache24 \ htdocs \ login-system \ reset.php中的currentpassword,并且还显示密码错误。尽管我输入了正确的密码,请再试一次。