我正在为我的网站制作一个密码更改程序,这导致我的所有用户密码都变成了相同的密码。
我使用的代码如下所示。
如果有人能帮助我,那将非常感谢他/她。
//if form has been submitted process it
<br/>
if(isset($_POST['submit'])){
$stmt = $db->prepare('SELECT password FROM user WHERE password = :hashedpassword');
$stmt->execute(array(':hashedpassword' => $_POST['password']));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if(strlen($_POST['password']) < 3){
$error[] = 'Password is too short.';
}
if(strlen($_POST['passwordConfirm']) < 3){
$error[] = 'Confirm password is too short.';
}
if($_POST['password'] != $_POST['passwordConfirm']){
$error[] = 'Passwords do not match.';
}
//if no errors have been created carry on
if(!isset($error)){
//hash the password
$hashedpassword = $user->password_hash($_POST['password'], PASSWORD_BCRYPT);
try {
//insert into database with a prepared statement
$sql="UPDATE user SET password = :hashedpassword";
$stmt = $db->prepare($sql);
$stmt->execute(array(
':hashedpassword' => $hashedpassword
));
//redirect to index page
header('Location: login.php?action=resetAccount');
exit;
//else catch the exception and show the error.
} catch(PDOException $e) {
$error[] = $e->getMessage();
}
}
}