我真的需要你的帮助。我们的老板要我检查为什么他不能访问之前我们以前的开发人员提供的登录表单,并要求我可以重置或更新他们的密码。我是PHP和SQL的新手,但我对它们有基本的了解。
我尝试使用phpmysql重置密码,但仍然无法访问始终显示和错误消息
登录信息无效!
你们可以帮助我吗? Bellow是我们以前的开发人员的脚本。
<?php
include("./inc.config.php");
include("./inc.utils.php");
include("./inc.mysql.php");
include("./inc.sysprod.php");
$db = new sql_db(HOST, USER, PASS, DB, false);
$sCompName = GetCompName($db);
session_start();
if ($_POST["sc_submit"])
{
if (isset($_POST["uname"]) && isset($_POST["pword"]))
{
$db = new sql_db(HOST, USER,PASS, DB, false);
$sSQL = "SELECT member_code, nickname FROM members WHERE user_name = '".uAddSlashes($_POST["uname"])."' ".
"AND pass_word = password('".uAddSlashes($_POST["pword"])."') ";
$rResult = $db->sql_query($sSQL);
if ($db->sql_numrows($rResult) == 1)
{
if (!isset($_SESSION["sc_mcode"]))
{
$rRow = $db->sql_fetchrow();
$_SESSION["sc_mcode"] = $rRow["member_code"];
$_SESSION["sc_nname"] = $rRow["nickname"];
$_SESSION["sc_stime"] = adjustTime(TIME_OFFSET, mktime());
$_SESSION["sc_productcode"] = "";
$_SESSION["sc_mlastname"] = "";
$_SESSION["sc_mfirstname"] = "";
$_SESSION["sc_maddress"] = "";
$_SESSION["sc_memail"] = "";
$_SESSION["sc_mcontactno"] = "";
$_SESSION["sc_rcode"] = "";
$_SESSION["sc_rlastname"] = "";
$_SESSION["sc_rfirstname"] = "";
$_SESSION["sc_remail"] = "";
$_SESSION["sc_raddress"] = "";
$_SESSION["sc_rcontactno"] = "";
$_SESSION["sc_vquestion"] = "";
$_SESSION["sc_vanswer"] = "";
$_SESSION["sc_center"] = "";
$db = new sql_db(HOST, USER, PASS, DB, false);
$sSQL = "INSERT INTO logs SET session = '".$_COOKIE[session_name()]."', ".
"member_code = '".uAddSlashes($_SESSION["sc_mcode"])."', ".
"start_login = '".$_SESSION["sc_stime"]."', ".
"last_login = '".$_SESSION["sc_stime"]."' ";
$rResult = $db->sql_query($sSQL);
$eError = $db->sql_error();
$db->sql_close();
header("Location: sendinfo.php");
}
}
else {
$invalid = 1;
}
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><?php echo $sCompName; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<LINK HREF="layout.css" REL="stylesheet" TYPE="text/css">
</head>
<body>
<TABLE WIDTH="100%" HEIGHT="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0">
<FORM NAME="frmLogin" METHOD="POST" ACTION="login.php">
<TR>
<TD ALIGN="CENTER"><TABLE BORDER="0" CELLSPACING="0" CELLPADDING="0">
<TR ALIGN="CENTER">
<TD HEIGHT="30" COLSPAN="2" CLASS="Text">Login Here</TD>
</TR>
<?php
if ($invalid == 1) {
?>
<TR ALIGN="CENTER">
<TD HEIGHT="30" COLSPAN="2" CLASS="Text"><FONT COLOR="#FF0000"><? echo "Invalid username and/or password!"; ?></FONT></TD>
</TR>
<?php } ?>
<TR>
<TD HEIGHT="30" CLASS="Text"> username </TD>
<TD HEIGHT="30" CLASS="Text1">
<INPUT TYPE="text" NAME="uname" CLASS="Fields" STYLE="width:150px;">
</TD>
</TR>
<TR>
<TD HEIGHT="30" CLASS="Text"> password </TD>
<TD HEIGHT="30" CLASS="Text1"><INPUT NAME="pword" TYPE="password" CLASS="Fields" STYLE="width:150px;">
</TD>
</TR>
<TR ALIGN="CENTER">
<TD HEIGHT="30" COLSPAN="2">
<INPUT TYPE="submit" NAME="sc_submit" VALUE="log-in" CLASS="Fields" STYLE="width:100px;"></TD>
</TR>
</TABLE></TD>
</TR>
</FORM>
</TABLE>
</body>
</html>
我不知道发生了什么。在我解决同样的问题之前,但这次对我来说非常困难。
答案 0 :(得分:0)
我注意到在phpmyadmin上通过选择密码字段上的PASSWORD函数更新密码时出现错误
警告:#1265数据截断列
我尝试将函数更改为md5或old_password以及更改脚本上的类型:
"AND pass_word = password('".uAddSlashes($_POST["pword"])."') ";
到
"AND pass_word = md5('".uAddSlashes($_POST["pword"])."') ";
它现在有效。非常感谢..我不知道错误意味着什么