Question

我正在运行以下代码，尝试将我的数据库中的当前密码更新为允许更改密码的表单中指定的新密码。我在两个字段中输入相同的密码，所以我不明白为什么会发生错误。

      <form method='post' action="changepasswordphp.php">

        <p align="center"><strong> Complete the form to change your password </strong> </p>
            <br/>
                <label><strong>Enter Old Password:</strong></label>                 
                <input name='oldpw' type='password' required='required'/>
            <br/>
            <br/>
                <label><strong>Enter New Password:</strong></label>
                <input name='newpw' type='password' required = 'required' />  
            <br/>
            <br/>
                <label><strong>Confirm New Password:</strong></label>               
                <input name='conpw' type='password' required = 'required' />
            <br/>
            <br/>
                <input type='submit' value='Submit' class ="submit" id="submit" />          
        </form>

$mysqli = new mysqli("localhost", "root", "DBPASS", "DBNAME");
if (isset($_POST['newpw'])){
$pw=$mysqli->query("SELECT userPass FROM usertable WHERE userID= '" . $_SESSION['sess_uid'] . "'");
            $row = $pw->fetch_object();
            $pawo = $row->userPass; 

if (md5($_POST['oldpw'])== $pawo){

    if (md5($_POST['newpw'])===(md5($_POST['conpw']))){
     $mysqli->query("UPDATE usertable SET userPass='" . md5($_POST['newpw']) . "' WHERE userID='" . $_SESSION['sess_uid'] . "'");
     }
    else { echo "Passwords don't match"; }
    }

else { echo "An Error Occured";}
}

？

＆GT;
我收到错误消息“An Error Occured”，我不确定导致此问题的原因。任何帮助将不胜感激！

由于

Answer 1

我没有明确熟悉MySQLi代码，但这看起来不对：

$pw=@$mysqli->query("SELECT userPass FROM usertable WHERE userID= '" . $_SESSION['sess_uid'] . "'");
        $row = $pw->fetch_object();
        $pawo = $row->password ;

密码字段是userPass还是password？另外，不要使用MD5（使用password_hash）并且不要使用==来比较散列密码。（使用===代替）

更改密码PHP问题

1 个答案: