更新帐户信息PDO / PHP

时间:2016-03-29 23:09:17

标签: php mysql pdo

我正在尝试创建edit.php,以便用户可以更改密码并更改其信息,如电子邮件,用户名。

用户名是记录的会话用户,因此如果用户名更改,我需要使用新用户名更新会话。它没有用。我不知道为什么。 谢谢您的帮助。这是代码edit.php 

<?php 
require('includes/config.php'); 
if(!$user->is_logged_in()){ header('Location: login.php'); } 
?>
<?php
class info {    
}
$username= $_SESSION['username'];
$sql = 'SELECT * FROM users WHERE username = :username';
$query= $db->prepare($sql);
$query->execute( array(

          ':username' => $username, 
));
$query->setFetchMode (PDO::FETCH_CLASS, 'info');
while($r= $query->fetch(PDO::FETCH_OBJ)) {
    $email = $r->email;
    $namefull = $r->namefull;
    $usertype = $r->usertype;
    $password = $r->password;
    }
if(isset($_POST['submit'])){
    if(strlen($_POST['username']) < 3){
        $error[] = 'Username deve avere almeno 4 lettere.';
    } else {
        $stmt = $db->prepare('SELECT username FROM users WHERE username = :username');
        $stmt->execute(array(':username' => $_POST['username']));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if(!empty($row['username'])){
            $error[] = 'Username già in uso.';
        }
    }
    if(!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)){
        $error[] = 'Inserisci una email valida';
    } else {
        $stmt = $db->prepare('SELECT email FROM users WHERE email = :email');
        $stmt->execute(array(':email' => $_POST['email']));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if(!empty($row['email'])){
            $error[] = 'Email già in uso.';
        }
    }
    if(!isset($error)){
        try {
            $stmt = $db->prepare("UPDATE users SET (username,email,usertype) VALUES (:username, :email,:usertype) WHERE username='".$username."'");
            $stmt->execute(array(
                ':username' => $_POST['username'],
                ':email' => $_POST['email'],
                ':usertype' => $_POST['usertype'],
            ));
            header('Location: edit.php?action=joined');
            exit;
        } catch(PDOException $e) {
            $error[] = $e->getMessage();
        }

      }
}
?>

这是重置密码的动作表单,我创建了edit-reset.php 

<?php 
if(isset($_POST['submit'])){
    if(strlen($_POST['password']) < 3){
        $error[] = 'Password deve contenere almeno 4 lettere.';
    }

    if(strlen($_POST['passwordConfirm']) < 3){
        $error[] = 'Conferma password deve contenere almeno 4 lettere.';
    }

    if($_POST['password'] != $_POST['passwordConfirm']){
        $error[] = 'Le password non sono uguali.';
    }


    //if no errors have been created carry on
    if(!isset($error)){

        //hash the password
        $hashedpassword = $user->password_hash($_POST['password'], PASSWORD_BCRYPT);

        //create the activasion code
        $activasion = md5(uniqid(rand(),true));

        try {

            //insert into database with a prepared statement
            $stmt = $db->prepare('INSERT INTO users (username,password,email,active) VALUES (:username, :password, :email, :active)');
            $stmt->execute(array(
                ':username' => $_POST['username'],
                ':password' => $hashedpassword,
                ':email' => $_POST['email'],
                ':active' => $activasion
            ));
            $id = $db->lastInsertId('id');

            //send email
            $to = $_POST['email'];
            $subject = "Cambio password";
            $body = "<p>La tua password è stata cambiata!</p>
            <p>Amministrazione Dixard</p>";

            $mail = new Mail();
            $mail->setFrom(SITEEMAIL);
            $mail->addAddress($to);
            $mail->subject($subject);
            $mail->body($body);
            $mail->send();

            //redirect to index page
            header('Location: register.php?action=joined');
            exit;

        //else catch the exception and show the error.
        } catch(PDOException $e) {
            $error[] = $e->getMessage();
        }

        //aggiornare la sessione con la nuova password




    }      

}

?>

这里是两个表格(更改电子邮件,用户名,用户类型和更改密码):

                                                 用户名                           &#34;&GT;                                                                         Tipologia帐户                           &#34;&GT;                                                                         电子邮件地址                           &#34;&GT;                                              萨尔瓦                    
              <h2 class="strong-header large-header">Change Password</h2>
              <form role="form" action="edit-reset.php" method="post" novalidate>
                   <div class="form-group">
                      <label for="password">Password corrente</label>
                      <input type="password" placeholder="Password" name="password_corrent" id="password" class="form-control"  required>
                  </div>

                   <div class="form-group">
                      <label for="password">Nuova Password</label>
                      <input type="password" placeholder="Nuova Password" name="password" id="password" class="form-control"  required>
                  </div>
                  <div class="form-group">
                      <label for="password-repeat">Conferma Nuova password</label>
                      <input type="password" name="passwordConfirm" id="passwordConfirm"class="form-control" placeholder="Conferma Nuova Password" required>
                  </div>

                  <button type="submit" class="btn btn-primary">Cambia Password</button>
              </form>

1 个答案:

答案 0 :(得分:0)

如果您已使用edit.php脚本登录用户名或电子邮件,则不会排除当前用户的id。因此,用户每次想要更改其中一个用户时,都必须更改用户名 AND 电子邮件。

此外,在更新数据库中的数据后,您不会更新$_SESSION['username']以保持用户登录(假设用户名已被修改)。

相关问题
最新问题