密码没有在php.Plz中更改检查代码

时间:2010-02-06 13:17:39

标签: php

我的主页上有链接更改密码。我告诉你我在做什么......

  • 首先我创建一个名为edit_profile.php的html表单,其中我有三个文本框旧密码,新密码,确认密码。我已将此页面作为主页链接更改密码。
  • 下一页我设计了名为edit_profile1.php,如果新密码和确认密码相同,我将在其中进行合作
  • 然后我使用password = old password
    • 进行查询以搜索数据

但是这个页面不起作用。现在我给你代码两个文件,最后我会告诉你我面临的类型错误.. 

edit_profile.php
<?php
session_start();
?>

<html>
<body bgcolor="pink">
<table cellpadding="10" cellspacing="6" align="center" width="500">
<form name="form" action="edit_profile1.php" method="POST" >
<tr>
<td><b><i>Your Username</i></b></td>
<td><input type="text" name="username" id="username" size="30" maxlength="30" value="<?php echo $_SESSION['employee']['username']; ?>" disabled="disabled"></td>
</tr>

<tr>
<td><b><i>Old Password</i></b></td>
<td><input type="password" name="opassword" id="opassword" size="30" maxlength="30" value="" ></td>
</tr>


<tr>
<td><b><i>New Password</i></b></td>
<td><input type="password" name="npassword" id="npassword" size="30" maxlength="30" value="" ></td>
</tr>


<tr>
<td><b><i>Confirm Password</i></b></td>
<td><input type="password" name="cpassword" id="cpassword" size="30" maxlength="30" value="" ></td>
</tr>


<tr>
<td align="center" colspan="100"> <input type="submit" name="submit" value="Change Password"></td>
</tr>

</table>    
</body>
</html>

下一页

Next page is for edit_profile1.php
<?php
session_start();
if(isset($_POST['opassword']) && ($_POST['npassword'])) 
{
    $con=mysql_connect("localhost","root","");
    if(!$con)
    {
       die('Could Not Connect:'.mysql_error());
        } 

    mysql_select_db("tcs",$con);
    $a=$_POST['opassword'];   //old password value
    $b=$_POST['npassword'];   //new password value
    $c=$_POST['cpassword'];

 if ($b==$c)  //checking if both new passowrd and c.password are equal or not
    {   

    $pwd=hash('sha1',$b);  //new value is assigned to pwd variable  
    $usr=$_SESSION['employee']['username'];  //this varaible have value of username
    $query="select * from employee where Username='{$usr}' and Password='{$a}'";  
    $result=mysql_query($query,$con);
    $count = mysql_num_rows($result);

           if ($count == 1)
          {
                $sql="update employee set Password='$pwd'";
        $deepak=mysql_query($sql,$con);

        if($deepak)
        {
            echo "Updation Successfull";
        }
        else
        {
        echo "Updation Not Possible.Some Error is there";
        }
      }
    else
    {
    echo "There is some problem in macthing the old password with database password";
    }


   }            

   else
    {
    echo "Both Passwords are Not equal";
    }

}
else
{
echo 'Error! Passwords were not sent!';
}

?>

<html>
<body bgcolor="orange">
<h4 style="position: relative;"><a href="home_page.php" style="position: absolute; left: 0;">Home Page</a></h4>
</body>
</html>

错误:

每当我尝试执行我的程序时,错误就是 使用数据库密码

对旧密码进行管理存在一些问题

现在我没有得到我错误的地方。在数据库中我只有一个用户行.Plz告诉我什么是错误

2 个答案:

答案 0 :(得分:1)

不应该

$query="select * from employee where Username='{$usr}' and Password='{$c}'";  


$a = hash('sha1', $a); // added after conversation in comments
$query="select * from employee where Username='{$usr}' and Password='{$a}'";

代替? ($a代替$c ..)

答案 1 :(得分:0)

您的脚本似乎容易受到mysql注入的攻击!

mysql_real_escape_string应用于您在SQL查询中插入的每个值!

您的比较可能无法正常工作,因为从表单中检索的值中有多余的空格。尝试:

$a=trim($_POST['opassword']);   //old password value
$b=trim($_POST['npassword']);   //new password value
$c=trim($_POST['cpassword']);

此外:

if(isset($_POST['opassword']) && ($_POST['npassword']))

无效。

你必须使用:

isset($_POST['opassword']) && isset($_POST['npassword'])
相关问题
最新问题