Question

我是PHP / Jquery的新手，我正在尝试为我的网站做一个更新密码脚本。到目前为止，密码更新但我正在努力思考如何验证这一点来检查旧密码。

此外，如何在警报框（如java警报窗口）中显示错误消息。我问的原因是因为如果旧密码与数据库中存在的密码不匹配，我需要创建一个警告框。

对此的任何帮助将不胜感激。如果您需要任何其他代码，我会尽快发布。

// *Update Profile Password* //
$("#btn-profile-update2").bind('click', function(){

       // Get info from text boxes
    /*    var profile_oldpassword = $('#txt-prof-oldp').val(); */
    var profile_newpassword = $('#txt-prof-newp').val();
    var profile_confirmpassword = $('#txt-prof-confp').val();

    new_password = $('#txt-prof-newp').val();
    old_password = $('#txt-prof-oldp').val();

    if (profile_newpassword !== profile_confirmpassword) {

        response = "Passwords entered do not match"

        alert(response);

        return;

   }

    // An array of field names to be updated
    var arr_field_names = Array();

    // Add the field name to index of array
    arr_field_names[0] = "Password";

    // An array of field values that correspond with our field names...
    var arr_field_values = Array();

    arr_field_values[0] = profile_newpassword;

    // Send to updateProfDetails function
    updatePassword(arr_field_names,arr_field_values,new_password,old_password);

    });

});

发送到此功能：

function updatePassword(arr_field_names,arr_field_values,new_password,old_password) {

    // Ajax parameters...
    $.ajax({

        // Request sent from control panel, so send to cp.request.php (which is the handler)
        url: 'scripts/php/bootstrp/cp.request.php',
        type: 'GET',

        data: {

            ft: "password",
            table: "tblusers",
            oldpassword: old_password,
            newpassword: new_password,
            field_names: arr_field_names,
            field_values: arr_field_values,

            // Either pass a row id as the 'id' OR a where clause as the 'condition' never both
            id: null,
            condition: null
        },
        dataType: 'text',
        timeout: 20000,
        error: function(){
            $('#cp-div-error').html('');
            $('#cp-div-error').append('<p>There was an error updating the data, please try again later.</p>');
            $('#cp-div-error').dialog('open');
        },
        success: function(response){

            // Refresh page
           // location.reload(true);


        }
    });


}

最后是PHP更新：

public function password($tableName)
{

    $PDO = new SQL();
    $dbh = $PDO->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);

    $username = UserAccount::get_useremail();
    $password = hash('sha256',trim($_GET['newpassword']));
    $oldpassword = hash('sha256',trim($_GET['oldpassword']));


        // Does the password given match the password held?
       $this->sql = "UPDATE $tableName SET password = '$password' WHERE UserName = '$username'";

    try {
                // Query
                $stmt = $dbh->prepare($this->sql);

                $stmt->execute();

                $count = $stmt->rowCount();

                echo $count.' row(s) updated by SQL: '.$stmt->queryString;

                $stmt->closeCursor();

            }

            catch (PDOException $pe) {
                echo 'Error: ' .$pe->getMessage(). 'SQL: '.$stmt->queryString;
                die();
            }

                // Close connection
                $dbh = null;

        }

Answer 1

你几乎得到了......关键在这里：

success: function(response) { .. }

只是玩响应可能是这样的：

success: function(response) {
    if (response == "wrong password") alert ("don't guess");
    else if (response == "password changed") alert ('you got it! congrats!');
}

Answer 2

我认为Vytautas提出了一个很好的观点，我从来没有读过这一切，但我只是想给你一个重要的暗示

将$PDO->connect放入try {} catch（）{}

如果PDO connect函数出错，则会输出您的数据库信息，包括密码。

密码更新 - PHP，Jquery，Ajax

2 个答案: