如何检查db中是否存在输入的旧密码

时间:2014-11-04 08:49:15

标签: php mysql phpmyadmin

我有一个用户输入id和密码的登录页面。要重置密码,我必须检查输入的密码是否存在,是否与我输入的id匹配。如何验证它。我无法验证它。如果用户输入任何密码,则显示记录已更新。如何验证它。这是代码

的login.php

<label type="text" name="id" maxlength="50" size="20">ID</label><br />
<input type="text" name="id" placeholder="ID" class="input" size="20"/><br /></div>
<div class="formItem">

 <label type="text" name="uid" maxlength="50" size="20">Password</label><br />
<input type="password" name="uid" placeholder="ID" class="input" size="20"/><br /></div>




<span class="field">(* Required field)</span><br /><br />
<input type="submit" name="login1" value="LOGIN" class="button"><br /><br /><br /><br />
</form>

</div>




</body>

</html>

<?php
$username = "root";
$password = "";
$hostname = "localhost"; 
$db = "abc";

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysql_select_db($db,$dbhandle) or die('cannot select db');





if(isset($_POST['login1']))
{
$id= $_POST['id'];
$uid= $_POST['uid'];

$query= "select * from resume where id='$id'
AND uid='$uid'";
$run= mysql_query($query);
if(mysql_num_rows($run)>0){
echo "<script>window.open('resetp.php','_self')</script>";
}
else {

    echo "<script>alert('Login details are incorrect!')</script>";
    }
}
?>

resetp.php

 <label type="text" name="uid" maxlength="50" size="20">Old Password</label><br />
<input type="text" name="uid" placeholder="id" class="input" size="20"/><br /></div>    


<div class="formItem">

 <label type="text" name="uid" maxlength="50" size="20">New Password</label><br />
<input type="password" name="pass" placeholder="pass" class="input" size="20"/><br /></div>
<div class="formItem">
 <label type="text" name="cpas" maxlength="50" size="20">Confirm Password</label><br />
<input type="password" name="cpas" placeholder="" class="input" size="20"/><br /></div>


<div class="formItem">
<input type="submit" name="login1" value="RESET" class="formButton"><br /><br /><br /><br /></div>
</form>
<?php
$username = "root";
$password = "";
$hostname = "localhost"; 
$db = "resume1";

//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password) or die("Unable to connect to MySQL");
mysql_select_db($db,$dbhandle) or die('cannot select db');
if(isset($_POST['login1']))
{
$pass= $_POST['pass'];
$uid= $_POST['uid'];


$cpas=$_POST['cpas'];

$query = "Update `resume` SET uid='".$_POST['pass']."' where uid='".$_POST['uid']."'";
$run = mysql_query($query);
if($query)
{
    echo "<script>alert('Record updated')</script>";
}
else
{
    echo "<script>alert('no')</script>";


}
}

?>

我如何验证

3 个答案:

答案 0 :(得分:1)

&#13;
&#13;
Try this:

This line

<label type="text" name="uid" maxlength="50" size="20">New Password</label><br />

should be 

<label type="text" name="pass" maxlength="50" size="20">New Password</label><br />
&#13;
&#13;
&#13;

答案 1 :(得分:0)

我想无法理解你的要求。

为什么不像在login.php中那样进行验证

 $query= "select * from resume where id='$id'
 AND uid='$uid'";
 $run= mysql_query($query);.................

答案 2 :(得分:0)

PHP脚本应该在开头,而不是在代码的末尾。从<?php .... ?>开始,然后按照<HTML> ... </HTML>,否则即使在处理脚本之前也会返回结果。

您的代码存在许多安全问题。你可以试试这个。

<?php
   require 'db.php';

   $username = isset($_POST['username']) ? htmlspecialchars(trim($_POST['username']), ENT_QUOTES, 'UTF-8') : '';
    $password = isset($_POST['password']) ? htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8') : '';

   $error = array();
   $error_found = 0;

   if(isset($_POST['submit']) && ($_POST['submit'] == 'Reset'))
    {
        //check for errors.
        //check if username field is empty.
        if(empty($username))
         {
             $error[] = 'Please provide your user-name.';
         }
         //check if password field is empty.
         if(empty($password))
         {
             $error[] = 'Please provide a password.';
         }
         //if errors exist, put errors found as true.
         if(!empty($error))
         {
             $error_found = 1;
         }
         //else no errors are found.
         else
        {
            //proceed to reset.
            //connecting to database.
            $db = mysql_connect(MYSQL_HOST, MYSQL_USER, MYSQL_PASSWORD) or die('Unable to connect, check your connection parameters. ');
            mysql_select_db(MYSQL_DB, $db) or die('Could not select database, check availability. ' . mysql_error($db));

            //querying the database. Checking if user-name password combination exists.
            $query = 'SELECT username FROM resume WHERE username = "' . mysql_real_escape_string($username, $db) . 
                        '" AND password = PASSWORD("' . mysql_real_escape_string($password, $db) . '")';

            $result = mysql_query($query, $db) or die(mysql_error($db));

            //checking if result is true.
            if(mysql_num_rows($result) > 0)
            {
                //the result is true and so you can now reset your password.
            }
            else
            {
                $error[] = 'The username password combination you provided does not exist.';
                $error_found = 1;
            }
        }
    }
  //HTML
?>

<!DOCTYPE HTML>
  <html>
     <head><title> ... </title></head>
     <body>
          <!--Your html code here -->
          <?php
             //if errors are found, then errors are shown here.
             if($error_found == 1)
             {
                echo '<fieldset><center>';
                echo '<ul>';
                foreach($error as $e)
                {
                    echo '<li>' . $e . '</li>';
                }
                echo '</ul>';
                echo '</center></fieldset>';
            }
        ?>
        <form action="nameOfThisScript.php" method="POST">
        Username:<input id="username" type="text" name="username" required />
        Password:<input id="password" type="password" name="password" required />
        <button id="Reset" type="submit" name="submit" value="Reset">Reset</button>
        </form>
      </body>
    </html>

在与此脚本相同的文件夹中创建名为db.php的脚本,并输入代码

<?php
define('MYSQL_HOST', 'localhost');
define('MYSQL_USER', 'root');
define('MYSQL_PASSWORD', '');
define('MYSQL_DB', 'resume1');
 ?>

希望这有帮助。