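Check a hashed password and change it in PHP

Time: 2016-08-18 19:43:43

Tags: php hash hashtable login-control

This is my code. I want to update the password with the given new password $new_password, validate it with $new_password2, and check whether the given current password matches $old_password.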

<?php
  if (isset($_POST['submit'])) {

    //validations
    $required_fields = array("username", "old_password", "password",   "password2");
    validate_presences($required_fields);

    $fields_with_max_lengths = array("username" => 30);
    validate_max_lengths($fields_with_max_lengths);

    if(empty($errors)) {
      //process the form
      $id = $admin["id"];
      $username = mysql_prep($_POST["username"]);
      $new_password = password_encrypt($_POST["password"]);
      $old_password = password_encrypt($_POST["old_password"]);
      $new_password2 = password_encrypt($_POST["password2"]);

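The two passwords you provide must be equal to each other in order to change the password. All three passwords are hashed. Validating the new password requires $new_password and $new_password2. $old_password must also be updated with $new_password. The change must happen if the id equals the id in the database and $old_password matches the current $old_password.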

      if ($new_password == $new_password2) {
        //update
        $query  = "UPDATE admins SET ";
        $query .= "username = '{$username}', ";
        $query .= "password = '{$new_password}', ";
        $query .= "old_password = '{$new_password}', ";
        $query .= "password2 = '{$new_password}' ";
        $query .= "WHERE id = {$id} ";
        $query .= "AND old_password = '{$old_password}' ";
        $query .= "LIMIT 1";
        $result = mysqli_query($connection, $query);

      if ($result && mysqli_affected_rows($connection) == 1) {
        //success
        $_SESSION["message"] = "Admin updated.";
        redirect_to("manage_admins.php");

      } else {
        //failure
        $_SESSION["message"] = "Admin update failed1";
        }
      } else {
        $_SESSION["message"] = "Admin update failed2";
      }
    } else {
      $_SESSION["message"] = "Admin update failed3";
    }
  } else {
      } 
?>

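1 answer:

Answer 0: (score: 0)

You probably want to use password_hash instead of password_encrypt. However, that would be the wrong usage here. Take a look at password_verify. The basic idea is to fetch the user's current hashed password from the database and then use password_verify to check the user's entry against the stored hash.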
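
The flow described in this answer, as an added example that is not the asker's or the answerer's code. The `admins` table layout, the function name `change_password`, the sample passwords, and the in-memory SQLite database (via PDO) standing in for the MySQL connection are all assumptions.

```php
<?php
// Added example: schema and function name are assumptions, not the asker's own.
// An in-memory SQLite database stands in for MySQL so the script runs offline.

function change_password(PDO $db, int $id, string $old, string $new, string $new2): bool
{
    // Compare the two new entries as plaintext. Hashing each one first cannot work:
    // every password_hash() call uses a fresh random salt, so the hashes differ.
    if ($new === '' || $new !== $new2) {
        return false;
    }

    // Fetch the hash currently stored for this user.
    $stmt = $db->prepare('SELECT password FROM admins WHERE id = ?');
    $stmt->execute([$id]);
    $stored = $stmt->fetchColumn();

    // Check the submitted current password against the stored hash.
    if (!is_string($stored) || !password_verify($old, $stored)) {
        return false;
    }

    // Store a single hash of the new password. Bound parameters replace
    // the string interpolation used in the question's UPDATE query.
    $stmt = $db->prepare('UPDATE admins SET password = ? WHERE id = ?');
    $stmt->execute([password_hash($new, PASSWORD_DEFAULT), $id]);
    return $stmt->rowCount() === 1;
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE admins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
$db->prepare('INSERT INTO admins (id, username, password) VALUES (1, ?, ?)')
   ->execute(['alice', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Case 1: wrong current password.
var_dump(change_password($db, 1, 'wrong-guess', 'new-secret', 'new-secret'));
// Case 2: correct current password, but the two new entries differ.
var_dump(change_password($db, 1, 'old-secret', 'new-secret', 'typo-secret'));
// Case 3: correct current password and matching new entries.
var_dump(change_password($db, 1, 'old-secret', 'new-secret', 'new-secret'));

// Check the stored hash against the new password after the three attempts.
$hash = $db->query('SELECT password FROM admins WHERE id = 1')->fetchColumn();
var_dump(password_verify('new-secret', $hash));
```

Only one password column is needed: the old password is never stored separately, because the current hash is what `password_verify` checks against.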