php:表单更改密码并插入当前密码

时间:2014-04-11 09:30:30

标签: javascript php jquery mysql css

我正在制作一个表单,如果用户想要更改密码,我制作了一个可以从数据库更改密码的代码,但是我想在更改密码之前实现一些功能,会询问当前密码以便他们可以更改他们的密码,但怎么办呢?

更新数据库的代码: 强文      

$result = mysqli_query($con,"SELECT * FROM admin");
if ($row = mysqli_fetch_array($result)) {
    $id=$row['id'];
    mysqli_query($con,"update admin set password=SHA1( CONCAT('Rajendra')) WHERE id='$id'");
}
echo "<h2>Your password is successfully changed..</h2>";
mysqli_close($con);
?>

这是表格的代码:

<?php
include('lock.php');
?>

<form method="post" action="db_change_password.php">

            <label><strong>Current password: </strong></label>
            <input type="password" name="current_password" value="password"><br><br>
            <label><strong>New password: </strong></label>
            <input type="password" name="password" value="password"><br><br>
            <label><strong>Confirm password: </strong></label>
            <input type="password" name="confirm_password" value="password"><br><br>
            <input type="submit" value="Submit">

            <label><p><strong><br>NOTE: </strong>After changing password, you have to put your new password during login time.</p></label>
        </form>

编辑

登录脚本:

<?php
include("config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST")
{
// username and password sent from Form
    $myemail=mysql_real_escape_string($_POST['email']);
    $mypassword=mysql_real_escape_string($_POST['password']);

    $sql="SELECT * FROM admin WHERE email='$myemail' AND password='".sha1($mypassword)."'";

    $result=mysql_query($sql);
    $row=mysql_fetch_array($result);
    $active=$row['active'];
    $count=mysql_num_rows($result);


// If result matched $myemail and $mypassword, table row must be 1 row
    if($count==1)
    {
        $_SESSION["myemail"];
        $_SESSION['login_user']=$myemail;

        header("location: home.php");
    }
    else
    {
        header("location: invalid_login_form.php");
    }
}
?>

2 个答案:

答案 0 :(得分:0)

在更新密码之前,您可以添加一项检查以测试当前密码。

答案 1 :(得分:0)

然而,我会与user_id进行会话

$result = mysqli_query($con,"SELECT * FROM admin WHERE email = '".$_SESSION['email']."'");

if ($row = mysqli_fetch_array($result)) {
    if(sha1($_POST['current_password']) == $row['password'])
    {
       $id=$row['id'];
       mysqli_query($con,"update admin set password=SHA1( CONCAT('Rajendra')) WHERE id='$id'");
     } else {
       echo "incorrect password";
     }
}
相关问题
最新问题