我试图创建一个用来更改用户密码的php,但我的php一直挂在某事上。我已成功检查我的代码以确保您正确输入旧密码,这很正常,但是现在当我尝试使用新密码更新密码时,页面会变为空白屏幕。
<?php
require("common.php");
if(empty($_SESSION['email']))
{
header("Location: main.php");
die("Redirecting to Frontpage");
}
$fname = $_SESSION['fname']['fname'];
$lname = $_SESSION['lname']['lname'];
$email = $_SESSION['email']['email'];
$queryPost = "SELECT * FROM db WHERE email = :email";
$stmt = $db->prepare($queryPost);
$stmt->bindValue(':email', $email);
$stmt->execute();
$row = $stmt->fetch();
$pass_correct = false;
if($row)
{
$check_password = hash('sha256', $_POST['oldpass'] . $row['salt']);
for($round = 0; $round < 65536; $round++)
{
$check_password = hash('sha256', $check_password . $row['salt']);
}
if($check_password === $row['pass'])
{
$pass_correct = true;
}
else
{
header("refresh:2; url=accountsettings.php");
die("Old Password incorrect....turning around");
}
}
if($pass_correct)
{
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_POST['newpass'] . $salt);
for($round = 0; $round < 65536; $round++)
{
$password = hash('sha256', $password . $salt);
}
$query = "UPDATE db SET pass=':pass', salt=':salt' WHERE email = :email";
$query_params = array(':pass' => $password, ':salt' => $salt);
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
header("refresh:2; url=accountsettings.php");
die("Password changed....turning around");
}
?>
我觉得它被赶上if($ pass_correct)语句