在codeigniter中更改密码模块

时间:2016-03-14 15:40:46

标签: php codeigniter

有人可以帮帮我吗?我已经在这段代码中坚持了几天。我希望有人可以帮助我..

我的问题是,如果旧密码正确并且新密码和重新输入密码不匹配,它仍会更改数据库中的密码..

这是我的控制者:

 public function changepwd(){
  $this->load->view('changepassword'); // this is my view
  $this->load->helper('security');
  $this->load->library('form_validation');
  $this->form_validation->set_rules('opassword','Old Password','required|trim|callback_change["empID"]');
  $this->form_validation->set_rules('npassword','New Password','required|trim');
  $this->form_validation->set_rules('cpassword','Confirm Password','required|trim|matches[npassword]');

  if ($this->form_validation->run() == FALSE){

    echo validation_errors("<div class='alert alert-danger alert-dismissable'><button type='button' class='close' data-dismiss='alert' aria-hidden='true'>×</button>","</div>");

  }

}

public function change($id){
  $session_data = $this->session->userdata('logged_in');
  $query=$this->db->query("select * FROM employee WHERE empID= " .$this->session->userdata('empID'));

  foreach ($query->result() as $my_info) {
      $db_password = $my_info->password;
      $db_id = $my_info->empID; 
  }

  if((md5($this->input->post('opassword', $db_password)) == $db_password) && ($this->input->post('npassword') != '') && ($this->input->post('cpassword')!='')) { 

      $fixed_pw = md5($this->input->post('npassword'));
      $update = $this->db->query("Update employee SET password='$fixed_pw' WHERE empID='$db_id'")or die(mysql_error()); 
      $this->form_validation->set_message('change','<div class="alert alert-success"><a href="#" class="close" data-dismiss="alert">&times;</a>
      <strong>Password Updated!</strong></div>');

  } else {
      $this->form_validation->set_message('change','<div class="alert alert-error"><a href="#" class="close" data-dismiss="alert">&times;</a>
      <strong>Wrong Old Password!</strong> </div>');

  }    
}

1 个答案:

答案 0 :(得分:2)

md5($this->input->post('opassword', $db_password)) == $db_password)
  && ($this->input->post('npassword') != '')
  && ($this->input->post('cpassword') != '')

第一行检查旧密码是否正确。后两行检查新密码和确认密码是否为空。

尝试添加一个检查密码是否相等的术语:

... && ($this->input->post('npassword') == $this->input->post('cpassword'))

可能会工作。

您的代码还有其他令我担心的事情。但这是另一个故事。 (阅读SQL注入,MVC模式以及如何在数据库中安全地存储用户密码)

相关问题
最新问题