您好我想更改来自我的数据库的密码,我首先要验证用户的旧密码,但我的$查询不等于$opword,原因可能是什么?
我试图从过去8小时得到结果,但我不知道我哪里出错了请事先帮助我。
<?php
session_start();
require_once('../includes/config.php');
if(isset($_POST['submit'])) {
require_once('../includes/config.php');
$opword = $_POST['opword'];
$npword = $_POST['npword'];
$cpword = $_POST['cpword'];
$string = "SELECT password FROM admin WHERE username = '$_SESSION[uname]'";
$query = mysqli_query($dbc,$string);
if($opword == $query) {
echo "yup";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?php
require_once('includes/menu.php');
?>
<form action="changepassword.php" method="post">
<p><label>Old Password:</label><input type="password" name="opword"></p>
<p><label>New Password:</label><input type="password" name="npword"></p>
<p><label>Confirm Changed Password:</label><input type="password" name="cpword"></p>
<input type="submit" value="Change Password" name="submit">
</form>
</body>
</html>
答案 0 :(得分:1)
因为您尝试将密码与结果对象进行比较。您需要从数据结果中获取密码字段
if($opword == $query->password) {// fatch password form result data
注意: - 不要将普通密码存储到数据库中
答案 1 :(得分:1)
在将密码存储到数据库(password_hash)之前,不要忘记使用预准备语句并哈希密码。
$session_username = $_SESSION['uname'];
//Take only one username
if ($stmt = $dbc->prepare("SELECT password FROM admin WHERE username = ? LIMIT 1")) {
$stmt->bind_param("s", $session_username);
$stmt->execute();
$stmt->store_result();
$result = $stmt->get_result();
$row = $result->fetch_assoc();
if ($row['password'] == $opword) {
echo 'yup';
}
}
答案 2 :(得分:0)
在以下声明之后:
$query = mysqli_query($dbc,$string);
在比较比较之前使用它:
$row = mysqli_fetch_array($query);
if($opword == $row[0]) {
echo "yup";
}