我正在一个有注册系统的网站上工作。在userCP中,您可以更改密码。我为它制作了这个脚本,但它不起作用。有人能帮助我吗?当我更改密码时,它不会给出错误,但它不会更新它。
PHP代码:
<?php
if (isset($_POST['updatePassBtn']))
{
$cpassword = $_POST['cpassword'];
$npassword = $_POST['npassword'];
$rpassword = $_POST['rpassword'];
if (!empty($cpassword) && !empty($npassword) && !empty($rpassword))
{
if ($npassword == $rpassword)
{
if (mysql_num_rows(mysql_query("SELECT * FROM `users` WHERE `username` = '".$_SESSION['username']."' AND `password` = '".SHA1($cpassword)."'")))
{
mysql_query("UPDATE `users` SET `password` = '".SHA1($npassword)."' WHERE `username` = '".$_SESSION['username']."' AND `ID` = '".$_SESSION['id']."'");
echo '<div class="nNote nSuccess hideit"><p><strong style="color:green;">SUCCESS: </strong>Password Has Been Updated</p></div>';
}
else
{
echo '<div class="nNote nFailure hideit"><p><strong style="color:red;">FAILURE: </strong>Current Password is incorrect.</p></div>';
}
}
else
{
echo '<div class="nNote nFailure hideit"><p><strong style="color:red;">FAILURE: </strong>New Passwords Did Not Match.</p></div>';
}
}
else
{
echo '<div class="nNote nFailure hideit"><p><strong style="color:red;">FAILURE: </strong>Please fill in all fields</p></div>';
}
}
?>
我的表格:
<form action="" class="form" method="POST">
<fieldset>
<label></label>
<input name="cpassword" type="text" value="Current Password" onfocus="this.value = (this.value=='Current Password')? '' : this.value;" onblur="if(this.value == ''){this.value='Current Password';}"/>
</fieldset>
<fieldset>
<label></label>
<input name="npassword" type="text" value="New Password" onfocus="this.value = (this.value=='New Password')? '' : this.value;" onblur="if(this.value == ''){this.value='New Password';}"/>
</fieldset>
<fieldset>
<label></label>
<input name="rpassword" type="text" value="Repeat Password" onfocus="this.value = (this.value=='Repeat Password')? '' : this.value;" onblur="if(this.value == ''){this.value='Repeat Password';}"/>
<input type="submit" value="Update" name="updatePassBtn"/>
</fieldset>
</form>
答案 0 :(得分:2)
您计算与用户名和密码匹配的行数,但是当您更新时,您还必须具备匹配$ _SESSION [&#39; id&#39;]的条件。如果您的会话未包含正确的“ID”,那么您的更新可能不会匹配任何行。
在报告更新成功之前,您应该先检查mysql_affected_rows()。
您还应检查mysql函数是否返回成功(如注释中的@RocketHazmat建议)。许多人在出错时返回false
。
答案 1 :(得分:-1)
mysql_query("UPDATE `users` SET `password` = '".SHA1($npassword)."' WHERE `username` = '".$_SESSION['username']."' AND `ID` = '".$_SESSION['id']."'");
您已设置mysql_query,但我没有看到您执行它