有人可以告诉我我的代码有什么问题,我无法更改密码吗?

时间:2016-07-20 16:50:07

标签: php mysql 

<html>
<body>

<div style="margin:0 auto" align=center>
<form>
  Username:<br>
  <input type="text" name="username"><br>
  Current Password:<br>
  <input type="password" name="password"><br>
  New Password:<br>
  <input type="password" name="newpassword"><br>
  Confirm Password:<br>
  <input type="password" name="confirmnewpassword"><br>
  <br>
  <input type="submit" name="submit" value="Submit" />
</form>

<?php

$dbhost = "*****";
$dbname = "*****";
$dbuser = "*****";
$dbpass = "*****";
//Connect to database

$connect= mysql_connect ("$dbhost","$dbuser","$dbpass")or die("Could not connect: ".mysql_error());
mysql_select_db("$dbname") or die(mysql_error());

if(isset($_POST['submit']))

    $username = $_POST['username'];
    $password = md5($_POST['password']);
    $newpassword = md5($_POST['newpassword']);
    $confirmnewpassword = md5($_POST['confirmnewpassword']);

    $result = mysql_query("SELECT password FROM accounts WHERE username='$username'");

    $row = mysql_fetch_assoc($result);

    $passworddb = $row['passoword']; //password from Data Base
    if(!$result) {
        echo "The username you entered does not exist";
    }
    if($password==$passworddb){
        if($newpassword==$confirmnewpassword){
            $sql=mysql_query("UPDATE accounts SET password='$newpassword' where username='$username'");
?> 
<script>
    alert('Password changed!');
    window.location.href='change_password.php';
</script> 
<?php
        }
        else{
?> 
<script>
    alert('Error, new password and confirm password must be the same');
    window.location.href='change_password.php';
</script> 
<?php
    }
}
?>
</body>
</html>

任何人都可以告诉我我的代码有什么问题吗? 这是我的更改密码页面,它包含我的MySQL连接。密码更改表单。当我按提交时,没有任何反应,所以任何人都可以告诉我我的代码有什么问题吗?

2 个答案:

答案 0 :(得分:1)

不知道你是否注意到了这一点,但是:

$passworddb = $row['passoword']; //Here may be your error

它应该与您的sql语句匹配

$passworddb = $row['password'];

您正在通过URL传递变量。你需要在php页面上收到$ _GET你的变量:

if(isset($_GET['submit']))

    $username = $_GET['username'];
    $password = md5($_GET['password']);
    $newpassword = md5($_GET['newpassword']);
$confirmnewpassword = md5($_GET['confirmnewpassword']);

$result = mysql_query("SELECT password FROM accounts WHERE username='$username'");

$row = mysql_fetch_assoc($result);

$passworddb = $row['passoword']; //password from Data Base
if(!$result) {
    echo "The username you entered does not exist";
}
if($password==$passworddb){
    if($newpassword==$confirmnewpassword){
        $sql=mysql_query("UPDATE accounts SET password='$newpassword' where username='$username'");
?>

但这是传递帐户数据的一种不好的方法,因为它会让你受到攻击

答案 1 :(得分:0)

$passworddb = $row['**passoword**']; //password from Data Base

你这里有拼写错误

相关问题
最新问题