使用php / mysql更改密码

时间:2016-04-21 16:03:59

标签: php android mysql passwords

我为一个示例Android应用程序创建了一个注册系统。我可以注册和登录没有任何问题。最后一部分是忘记密码一个。这是我的逻辑。当用户忘记密码时,他会将电子邮件发送到我的服务器,作为回报,他会收到一封电子邮件,告诉他访问链接。该链接将他带到一个页面,他可以输入并确认他的新密码。出于某种原因,密码未更新。

所以我会在这里发布我的代码。

register.php 

   <?php
     session_start();
     require "init.php";
     header('Content-type: application/json');
     $id = $_POST['id'];
     $email = $_POST['email'];
     $user_name = $_POST['user_name'];

     $user_pass = $_POST['user_pass'];
      $passwordEncrypted = sha1($user_pass);  

      $confirmPass = $_POST['confirm_pass'];
      $confPasswordEncrypted = sha1($confirmPass);  

      $msg = "Congratulations. You are now registered to the most amazing   
      app ever!";            

        if(!filter_var($email, FILTER_VALIDATE_EMAIL)){


            $don = array('result' =>"fail","message"=>"Please enter a valid email");

        }    



if($email && $user_name && $user_pass && $confirmPass && filter_var($email, FILTER_VALIDATE_EMAIL)){


    $sql_query = "select * from user_info WHERE email  ='".mysqli_real_escape_string($con, $email)."' or user_name 
    ='".mysqli_real_escape_string($con, $user_name)."'";

    $result = mysqli_query($con, $sql_query);   

    $results = mysqli_num_rows($result);

    if ($results){
        $don = array('result' =>"fail","message"=>"Email or username exists.");
    }else{

        $sql_query = "insert into user_info values('$id','$email','$user_name','$passwordEncrypted','$confPasswordEncrypted');";

        if(mysqli_query($con,$sql_query)){

            $don = array('result' =>"success","message"=>"Successfully registered!Well done");
            mail($email,"Well done. You are registered to my sample app!",$msg);
            $_SESSION['id'] = mysqli_insert_id($con);
        }
    }
}else if(!$email){


        $don = array('result' =>"fail","message"=>"Please enter a valid email");               


    }else if(!$user_name){

        $don = array('result' =>"fail","message"=>"Please enter your username");

    }else if(!$user_pass){

        $don = array('result' =>"fail","message"=>"Please enter a password");

    }else if(!confirmPass){

        $don = array('result' =>"fail","message"=>"Please confirm your password");

    }




    echo json_encode($don);

?>

changepassword.php 

<?php
require "../init.php";
session_start();
if(isset($_POST['update'])){
    $password = $_POST['user_pass'];
    $confpassword = $_POST['confirm_pass'];
    if($password !== $confpassword){
       echo "Passwords don't match!";
    }else{
        $id = $_SESSION['id'];
        if(mysqli_query($con,"UPDATE user_info SET   
        user_pass='$password',confirm_pass = '$confpassword' WHERE id='$id'")){
            echo "Password successfully changed!!!";
        }
    }

}
?>
<!DOCTYPE HTML>
<html>
<head>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
 <link rel="stylesheet" href="css/login-css.css" media="all"/>
 </head>
 <body>

 <div class="updatepass">
   <h1>Update Password</h1>
<form action="" method="post">
    <input type="password" name="user_pass" placeholder="Password" required="required" />
    <input type="password" name="confirm_pass" placeholder="Confirm Password" required="required" />
    <button type="submit" class="btn btn-primary btn-block btn-large" name="update">Update</button>
</form>
</div>

</body>

</html>

有关如何更新密码的任何想法?

感谢。

2 个答案:

答案 0 :(得分:1)

我做到了!由于 Fred -ii - 建议我必须执行选择查询才能选择ID。如此。

<?php
require "../init.php";
session_start();

if(isset($_POST['update'])){
    $password = $_POST['user_pass'];
    $confpassword = $_POST['confirm_pass'];
    if($password !== $confpassword){
       echo "Passwords don't match!";
    }else{
        $select_query = "SELECT id FROM user_info";
        $run_select_query = mysqli_query($con,$select_query); 
        while ($row_post=mysqli_fetch_array($run_select_query)){

             $user_id = $row_post['id']; 

             echo $user_id;

        }

        $update_posts = "UPDATE user_info SET user_pass='$password',confirm_pass = '$confpassword' WHERE id='$user_id'";  
        $run_update = mysqli_query($con,$update_posts); 
        echo "<script>alert('Post Has been Updated!')</script>";
    }

}
?>

但我又要保留密码&#34;不受保护&#34;因为我想学习sql注入如何工作:) :)。如果您还有其他信息,请发表评论..

答案 1 :(得分:0)

编辑:

这是我的看法:

你的问题似乎与

有关 
$_SESSION['id'];

您只在创建帐户时进行设置,但PHP会话不会持续太长时间。因此,如果您的用户已注册并且您在会话中存储了行ID,那么当他们返回更改密码时,您无法指望它在那里。

这可能(可能)当你试图找到你的行来更新密码时幕后发生的事情

http://prntscr.com/av3320

相关问题
最新问题