更改mysql表中的密码?

时间:2013-02-09 00:56:42

标签: php html passwords

我的更改密码脚本有问题。我试图允许用户在mysql表'ptb_users.password'中更改他们的密码,它假设将其存储为md5。

当我在表单中点击提交时,我假设它转到了changepassword.php,但页面只是空白,没有任何回应,我没有收到任何错误。

有人可以告诉我这出错的地方,谢谢

这是我的表格:

<?php 
// CONNECT TO THE DATABASE
    require('includes/_config/connection.php');
// LOAD FUNCTIONS
    require('includes/functions.php');
// GET IP ADDRESS
    $ip_address = $_SERVER['REMOTE_ADDR'];  
?>

  <?php require_once("includes/sessionframe.php"); 
  require('includes/checks.php');
?>


<?php

if (isset ($_GET['to'])) {
$user_to_id = $_GET['to'];

}

?> 

<?php 
//We check if the form has been sent
if(isset($_POST['subject'], $_POST['message_content']))
{
    $subject = $_POST['subject'];
    $content = $_POST['message_content'];
        //We remove slashes depending on the configuration
        if(get_magic_quotes_gpc())
        {
                $subject = stripslashes($subject);
                $content = stripslashes($content);
        }
        //We check if all the fields are filled
        if($_POST['subject']!='' and $_POST['message_content']!='')
        {
            $sql = "INSERT INTO ptb_messages (id, from_user_id, to_user_id, subject, content) VALUES (NULL, '".$_SESSION['user_id']."', '".$user_to_id."', '".$subject."', '".$content."');";
            mysql_query($sql, $connection);

            echo "<div class=\"infobox2\">The message has successfully been sent.</div>";
        }
}


if(!isset($_POST['subject'], $_POST['message_content']))

if (empty($_POST['subject'])){
        $errors[] = 'The subject cannot be empty.';

    if (empty($_POST['body'])){
        $errors[] = 'The body cannot be empty.';

    }
    }

{
?>


<form method="post" action="includes/changepassword.php" name="form1" id="form1">
<input type="password" name="oldpassword" id="password" class="subject" placeholder="Old Password">

<input type="password" name="oldpassword" id="password" class="message" placeholder="Old Password">

<input type="password" name="newpassword" id="newpassword" class="message" placeholder="New Password">

<input type="image" src="assets/img/icons/loginarrow1.png" name="submit" id="submit" class="submit">
</form>

这是我的mysql函数:

<?php
require_once("session.php"); 
require_once("functions.php");
require('_config/connection.php');
?>
<?php 

session_start();

include '_config/connection.php'; 

$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];

$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']."");





if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else 
if($password!= mysql_result($result, 0)) 
{ 
echo ""; 
} 
if($newpassword=$confirmnewpassword) 
{
    $newpassword=md5($newpassword);
    $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id'].""); 
}
    if($sql) 
    { 
    echo "Thank You. Your Password has been successfully changed."; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}  
?>

3 个答案:

答案 0 :(得分:1)

if(isset($_POST['submit']))
{

   $email = $_POST['email'];
   echo $newpassword = ($_POST['password1']);
   echo $confirmpasssword = ($_POST['password2']);

        if($newpassword=$confirmpassword) 
        {
            echo $newpassword = md5($newpassword);
            echo $result = mysql_query("UPDATE users SET password='$newpassword' WHERE email='$email' "); 
        }
                if($result) 
                { 
                echo "Thank You. Your Password has been successfully changed."; 
                }
            else
            { 
            echo "The new password and confirm password fields must be the same"; 
            }  
}

can anyone tell me is this correct coding, to change password and store in mysqldb.

答案 1 :(得分:0)

这有很多问题。

让我们首先了解基础知识:

  1. 不要使用mysql_函数。尽可能切换到PDO或mysqli。

  2. md5即将来临。请参阅this回答 - 可以理解的是,您可能在md5中根深蒂固,如果不纠缠每个用户更新他们的pw,就无法离开。

    3. 你的问题是:

    if($password!= mysql_result($result, 0))

    您没有与md5存储的哈希进行比较。它应该是这样的:

    if(md5($password) != mysql_result($result, 0))

    和此:

    if($newpassword=$confirmnewpassword)

    只是重新分配变量。我想你想要

    if($newpassword == $confirmnewpassword)

    至于输出,您可能需要考虑这里使用的if / else结构。这可以显着清理,所有这些都看起来过时了。也许只是一个意见。

    如果您有特定的事情需要磨练,请告诉我,我可能会更新。

    修改

    应该清理整个街区。这样的事情可能有所帮助:

    if(!$result) 
{ 
    echo "The username you entered does not exist"; 
} 
else
{
    if(md5($password) != mysql_result($result, 0)) 
    { 
        echo "Current PW does not match what we have"; 
    }
    else
    {
        if($newpassword == $confirmnewpassword) 
        {
            $newpassword=md5($newpassword);
            $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id']."") or die(mysql_error());

            if($sql) 
            { 
              echo "Thank You. Your Password has been successfully changed."; 
            } 
        }
        else
        { 
            echo "The new password and confirm new password fields must be the same"; 
        }
    } 
}

答案 2 :(得分:0)

首先你不要正确检查旧密码(md5存储,明文比较......不起作用) 第二,你没有任何确认密码集,所以这也不会起作用

可行的是:

$password = md5($_POST['password']);
$newpassword = md5($_POST['newpassword']);

$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']." AND password = '".$password."'");
if(!$result) 
{ 
echo "The username you entered does not exist or old password didn't match"; 
} 
else
{
     $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id'].""); 
}
if($sql) 
{ 
    echo "Thank You. Your Password has been successfully changed."; 
}
相关问题
最新问题