这是我的代码
<?php
include("connect.php");
error_reporting(0);
session_start();
if($_SESSION['logged'] == true){
if($_SESSION['user_type'] == 2){
header("location:admin\home.php");
}
$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM tbl_useraccounts where user_id = $id";
$q = mysqli_query($con,$query);
while($row = mysqli_fetch_array($q)){
$oldpassworddb = $row['password'];
}
if($user_id)
{
//user is logged in
if(isset($_POST['submit']))
{
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check passwords
if ($oldpassword == $oldpassworddb)
{
// check two new passwords
if ($newpassword == $repeatnewpassword)
{
//success
//change password in db
$querychange = mysqli_query("
UPDATE tbl_useraccounts SET password='$newpassword' WHERE user_id='$user_id'");
session_destroy();
echo "Your password has been changed<br/>
<a href='home.php'>Return</a>";
}
else
echo "New passwords doesnt match";
}
else
echo "Old password doesnt match!";
}
else
{
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='password' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><br>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name='submit' value='Change Password'>
</form>
";
}
}
else
die("You must be logged in to change your password");
}else{
header("location:login.php");
}
?>
对不起,我是StackOverflow的新手。当我在密码栏中输入旧密码时,示例为“123”,其中123实际上是存储在我的数据库中的密码。但是,单击“更改密码”时始终响应的是“旧密码不匹配”。 123 = 123应该被认为是正确的。
我的代码中有什么错误?
答案 0 :(得分:0)
您可能选错了用户:
$user_id = $_SESSION['user_id']; // here you pick in $user_id
$query = "SELECT * FROM tbl_useraccounts where user_id = $id"; // here you check with $id
所以改为
$query = "SELECT * FROM tbl_useraccounts where user_id = $user_id";
同样print_r($variable)可能对您有所帮助。
答案 1 :(得分:0)
更改以下内容:
$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM tbl_useraccounts where user_id = $id";
要
$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM tbl_useraccounts where user_id = $user_id";
您已将用户ID存储在$ user_id变量中但使用$ id变量,该变量未定义。
答案 2 :(得分:0)
您在where statment中使用了 $ id $ user_id :
$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM tbl_useraccounts where user_id = $id";
$q = mysqli_query($con,$query);
while($row = mysqli_fetch_array($q)){
$oldpassworddb = $row['password'];
}
您可以像这样转储数据库中的值:
$user_id = $_SESSION['user_id'];
$query = "SELECT * FROM tbl_useraccounts where user_id = $id";
$q = mysqli_query($con,$query);
while($row = mysqli_fetch_array($q)){
$oldpassworddb = $row['password'];
var_dump($oldpassworddb);
}
检查数据库中有多少用户。转储旧密码并将其与您提供的密码进行比较。如果不匹配,请更改db中的密码,结果为:
var_dump(md5('123'));
然后再次运行您的代码。此时我们无法确定您的数据库中有什么内容;)