我尝试使用以下代码行来验证个人身份并更新其电子邮件地址,但代码将电子邮件的值读取为空白,并将其更新为数据库中的空白。
<form method="post">
<input type="hidden" name="__token" value="exex"/>
<div class="row">
<label for="email">Email address</label>
<div><input type="email" id="email" name="email" value="<?php echo $email; ?>"/></div>
<br/>
<div class="notice">Used for lost password recovery. Important!</div>
</div>
<div class="row">
<label for="newpass">New password</label>
<div><input type="password" id="newpass" name="newpass"/></div>
<br/>
<div class="notice">Leave empty if you do not want to change it.</div>
</div>
<div class="row">
<label for="curpass">Current password</label>
<div><input required type="password" id="curpass" name="curpass"/></div>
<br/>
<div class="notice">You must enter your current password to save the settings.</div>
</div>
<div class="row"><input type="submit" value="Save settings"/></div>
</form>
提交后,在同一页面(设置)中:
if(isset($_POST['email']) && (isset($_POST['curpass']) && $_POST['newpass'] == "")) {
$email = mysql_real_escape_string($_POST['email']);
$curpass = strtoupper(hash("whirlpool", $_POST['curpass']));
$passii = $con->query("SELECT `password` FROM `playerinfo` WHERE `PlayerName` = '{$_SESSION['playername']}';");
while($row = $passii->fetch()) {
$curpass1 = $row['password'];
}
if($curpass == $curpass1) {
echo "<div class='flash_success'>Your email has been changed.</div>";
$con->query("UPDATE `playerinfo` SET `email` = '$email' WHERE `PlayerName` = '{$_SESSION['playername']}'");
} else {
echo "<div class='flash_error'>You did not enter your current password correctly. Settings were not saved.</div>";
}
}