坚持PHP查询

时间:2014-10-22 16:32:04

标签: php mysql

我创建了一个允许用户更改密码和电子邮件的页面。所有这一切都有效,但出于某种原因,当我只想更改我的电子邮件时,我也得到了当前密码不正确字段。

电子邮件本身在数据库中发生了变化,但是这显示出来了,我显然已经证实了它的内容,但我不确定如何编写一个新的查询,如果忽略以前的查询,只有电子邮件被更改。

enter image description here

我的代码:

<title>Honda |</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Julius+Sans+One' rel='stylesheet' type='text/css'>
<link href="../css/style.css" rel="stylesheet" type="text/css" media="all" />



<?php
session_start();



$username = $_SESSION['sess_user'];

    echo '<div class="search1"><h2>'.$username.'</h2><div class="search12"><h2><a href="index2.php">Home</a></h2></p></div></div>';


    if (isset($_SESSION['sess_user']))
    {
        //user is logged in

        if (isset($_POST['submit']))
        {
            //start changing password
            //check fields

            $oldpassword = md5($_POST['oldpassword']);
            $newpassword = md5($_POST['newpassword']);
            $email = $_POST['email'];


            $repeatnewpassword = md5($_POST['repeatnewpassword']);


            //check password against db
            include('../includes/config.php');

            $queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
            $row = mysql_fetch_assoc($queryget);
            $oldpassworddb = $row['password'];

            //check passwords
            if ($oldpassword==$oldpassworddb)
            {

                if (isset($_POST['repeatnewpassword']) AND isset($_POST['newpassword']) AND $_POST['newpassword'] != '') {
                    if ($newpassword==$repeatnewpassword)
                    {
                        $querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE   username='$username'");
                        echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
                    }
                    else {echo "<div class='results'>new password(s) dont match</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";}

                }


            }
            else {echo "<div class='results'>current password doesnt match</div><div class='successmate'><h2><p><a href='changepassword.php'><br><br>Try again?</a></p></h2></div>";}


            if (isset($_POST['email']) AND $_POST['email'] != '') {
                $querychange = mysql_query("UPDATE login SET email='$email' WHERE   username='$username'");
                echo "<div class='successmate'><br><br><br><br><hr>Your email has been changed</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
            }}


        else
        {

            echo"
        <form class='search1' action='changepassword.php' method='POST'>
        <label>Current Password:</label> <input type='password' id='password' name='oldpassword'><p>
        <label>New Password:</label> <input type='password' id='password' name='newpassword'><p>
        <label>Repeat New Password:</label> <input type='password'  name='repeatnewpassword'><p>
        <label>Email:</label> <input type='email'  name='email'><p>
        <input type='submit' name='submit' class='submit' value='submit'><br><br><br>
        <h2><p><a href='index2.php'>Back</a></p></h2>
        </form>
        ";


        }}
    else
        die ("You must be logged in to change your password");


    ?>

<img src="../images/main.jpg">

2 个答案:

答案 0 :(得分:0)

您正在检查是否为密码设置了帖子值(它们始终是密码,因为始终会提交该表单元素)。而不是简单地检查是否设置了那些vaues,确保它不是空的。使用empty()另外,在进行比较时不要使用&#34; AND&#34;使用和运算符&#34;&amp;&amp;&#34;。

        if (!empty($_POST['repeatnewpassword']) && !empty($_POST['newpassword'])) {
            if ($newpassword==$repeatnewpassword)
            {
                $querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE   username='$username'");
                echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
            }
            else {echo "<div class='results'>new password(s) dont match</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";}

        }

我正在查看错误的代码块。以上建议是很好的建议,但问题出在这里:

如果密码字段为空,则这些字段将永远不会相同,因此if ($oldpassword==$oldpassworddb)将始终评估为false。

尝试

if ($oldpassword==$oldpassworddb && !empty($_POST['oldpassword']))

答案 1 :(得分:-1)

您的查询可能正在吐出一个数组。尝试执行print_r($row)并检查输出。我有一种感觉,你在这里得到一个关联数组,需要以不同方式访问旧密码。将print_r放在此行之后:

$row = mysql_fetch_assoc($queryget);

答案可能是$row[0]['password'];

此外,请勿使用MD5进行散列,使用Scryptsalt and maybe pepper之类的内容。

相关问题
最新问题