试图允许用户更改他们的电子邮件

时间:2014-10-20 15:54:55

标签: php mysql

我只是想让用户更改其详细信息,'用户名'和密码'我试图让用户也更新他们的电子邮件,然后更新PHP我的用户名'和密码'有效,但我正在努力与电子邮件。有没有想法?

<?php
session_start();



$username = $_SESSION['sess_user'];

echo '<div class="search1"><h2>'.$username.'</h2></div>';


if (isset($_SESSION['sess_user']))
{
//user is logged in

if (isset($_POST['submit']))
{
//start changing password
//check fields

$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$email = md5($_POST['email']);


$repeatnewpassword = md5($_POST['repeatnewpassword']);

//check password against db
include('../includes/config.php');

$queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];

//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db

$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE   username='$username'");
$querychange = mysql_query("UPDATE login SET email='$email' WHERE   email='$email'");
die("<div class='successmate'>Your password has been changed. <a href='index2.php'><br><br> Return</a></div>");
}
else 
die("<div class='results'>New password doesn't match!</div>");

}else 
die("<div class='results'>Old password doesn't match!</div>");

}
else
{

echo"
<form class='search1' action='changepassword.php' method='POST'>
<label>Old Password:</label> <input type='text' id='password' name='oldpassword'><p>
<label>New Password:</label> <input type='password' id='password' name='newpassword'><p>
<label>Repeat New Password:</label> <input type='password'  name='repeatnewpassword'><p>
<label>Email:</label> <input type='email'  name='email'><p>
<input type='submit' name='submit' class='submit' value='submit'><br><br><br>
<h2><p><a href='index2.php'>Back</a></p></h2>
</form>
";
 }

 }else 
die ("You must be logged in to change your password");


?>

<img src="../images/main.jpg">

谢谢!

2 个答案:

答案 0 :(得分:1)

仔细看看这个:

$querychange = mysql_query("UPDATE login SET email='$email' WHERE   email='$email'");

$email是用户输入的 NEW 电子邮件的md5哈希值。由于它是新的电子邮件地址,可能它还不在数据库中,因此更新将无效。

答案 1 :(得分:0)

上述两个答案都应该告诉您问题所在,但是解决问题的正确方法是实现自动增量列或其他一些唯一/主要列。如果多个用户具有相同的用户名,或者您要更新所有用户。

另外,你有什么理由要md5这个电子邮件地址?

$email = md5($_POST['email']);

应该是

$email = $_POST['email'];

最后的想法:你的查询可能容易受到注入。不要忘记escape,甚至更好,使用PDO:)

相关问题
最新问题