PHP MySQL中的密码更改脚本

时间:2014-09-17 10:27:15

标签: php mysql

请使用此密码更改脚本帮助

这里的mys HTML代码

<form method="POST" action="pass.php">

Current Password:
<input type="password" name='password'/>

New Password
<input type="password" id="password1" name="password1"/>

Retype New Password:</td>
<input type="password" id="password2" name="password2"/>

<input type="submit" value="Change Password">   

 </form>

这是我改变密码的php脚本。它工作正常,但是当我尝试登录新密码时,它总是不正确的。

              $userData = $qry->fetch(PDO::FETCH_ASSOC);
              $hash = hash('sha256',$userData['salt'].hash('sha256',$password));

                  if ($hash == $userData['password']) {

                        $hash1 = hash('sha256', $password1);
                        function createSalt()
                        {
                            $text = md5(uniqid(rand(), TRUE));
                            RETURN substr($text, 0, 3);
                        }
                        $salt = createSalt();
                        $pass = hash('sha256', $salt . $hash1);


                        $qry = $handler->prepare( "UPDATE login SET password = ? WHERE id = ?" );
                        $qry->execute(array($pass,$id));  
                        $error = 'Password successfully changed! The system will now log you out. Please login again.';
                        session_destroy();
                        header('refresh:5; url=/../lab/login.php');            
                  }else{
                    $error = 'Incorrect Password.';
                  }

这是我的登录脚本供参考。

<?php
$errors = array();
if ($email&&$pass){
$qry = $handler->prepare( "SELECT `email` FROM login WHERE `email` = ?" );
$qry->bindValue( 1, $email );
$qry->execute();
$row = $qry->rowCount();

  if ($row == 1){
    $qry = $handler->prepare( "SELECT * FROM login WHERE email = ? AND stat = '1'" );
    $qry->bindValue( 1, $email );
    $qry->execute();
    $row = $qry->rowCount();
        if ($row == '1'){ 
        $userData = $qry->fetch(PDO::FETCH_ASSOC);
        $hash = hash('sha256',$userData['salt'].hash('sha256',$pass));


          if($hash == $userData['password']){
            $_SESSION['email']=$email;
            header('Location:/../lab/profile.php');
          }
          else{
            $errors = "<center>The Password/Email you Entered is incorrect. Please check your login Details and <br><a href='/../lab/login.php' style='font-size:12px;text-decoration:underline;'>Login Again</a></center> ";
          }
        } 

        else{
          $errors = "Your Account is not yet activated. Please check your email."; 
        }
   }
  else{
    $errors = "<center>The Password/Email you Entered is incorrect. Please check your login Details and <br><a href='/../lab/login.php' style='font-size:12px;text-decoration:underline;'>Login Again</a></center>";
  }
}

else{
  $errors = "Please fill in the Email and Password fields to login";
 }
?>

一切正常。只是当我尝试更改密码然后登录新密码时,系统返回错误的密码。也许加密新密码存在一些问题。

谢谢

1 个答案:

答案 0 :(得分:0)

这是完整的PHP脚本吗? 有很多方法可以调试它。

  • 尝试回复$_POST['password1'];也许它没有值。
  • 你试过$hash1 = hash('sha256', $_POST['password1']);
  • 或者您忘了在$pass
    • 中哈希if ($email&&$pass)

从我在你的代码中看到的。上面列出的是您遇到问题的最重要原因。

相关问题
最新问题