使用PDO更改密码Php没有任何反应

时间:2017-08-28 02:26:32

标签: php mysql pdo

我正在尝试学习PHP PDO,因为我来自程序和oop。我希望为登录的用户设置更改密码功能。问题是当我输入错误的旧密码时没有任何反应,并且正确的旧密码也是如此。我不知道错误是什么,所以这里是使用pdo更改密码的代码。

<?php 
    $host = "localhost";  
    $username = "root";  
    $password = "";  
    $database = "PDOtesting";  
    $message = "";  
    try  
    {  
      $connect = new PDO("mysql:host=$host; dbname=$database", $username, $password);  
      $connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        if(isset($_POST['re_password'])) {

            $old_pass=$_POST['old_pass'];
            $new_pass=$_POST['new_pass'];
            $re_pass=$_POST['re_pass'];

            // User confirm old password authentication  
                $query = "SELECT * FROM users WHERE username = :username LIMIT 1";  
                $statement = $connect->prepare($query);  
                $statement->execute(  
                     array(  
                          'username'     =>     $login_session  
                     )  
                );  
                $count = $statement->rowCount();

                if($count > 0)  
                {  
                     $result = $statement->fetch();

                    //check old password if correct
                    if (password_verify($_POST["old_pass"], $result['old_pass'])) {
                         // if password correct
                        if ($new_pass == $re_pass) {

                            $query2 = "UPDATE users SET password = :password WHERE username = :username";

                            $hash = password_hash($re_pass, PASSWORD_DEFAULT);

                            $statement = $connect->prepare($query2);  
                            $statement->execute(  
                                array(  
                                    'username'     =>     $login_session,
                                    'password'     =>     $hash
                                )  
                            );

                            echo "<script>alert('Changed Password Sucessfully! You will be logged out from this page'); window.location='../session_destroy.php'</script>";

                        }

                        else {
                            echo "<script>alert('new password and repeat password does not match!'); window.location='change_password.php'</script>";
                        }
                    }} else {
                        echo "<script>alert('Your old password is incorrect'); window.location='change_password.php'</script>";
                    } 

                // $data_pwd=$chg_pwd1['password'];
        }
    }
    catch(PDOException $error)  
    {  
      $message = $error->getMessage();  
    }
    ?>

这是登录表单html中的代码

    <form class="form-group" method="POST" name="frmChange">
       <div class="row">
          <div class="col-md-3">
            <div class="form-group">                                                       
      <div class="row">
      <div class="col-md-6">
     <div class="form-group">
    <label>Old Password</label>
   <input type="password" name="old_pass" class="form-control" id="currentPassword" required="" placeholder="Old Password">
        </div>
       </div>
      </div>

    <div class="row">
   <div class="col-md-6">
    <div class="form-group">
    <label>New Password</label>
<input type="password" name="new_pass" class="form-control" id="newPassword" required="" placeholder="New Password">
             </div>
            </div>
          <div class="col-md-6">
   <div class="form-group">
   <label>Confirm New Password</label>
 <input type="password" name="re_pass" class="form-control" id="confirmPassword" required="" placeholder="Confirm New Password">
          </div>
         </div>
       </div>
<span name="message"><?php if(isset($message)) { echo $message; } ?></span>

             

很抱歉代码的安排,这里是我使用程序的代码。以下是我想要将其重构为PDO以使其更安全的代码。

<?php 
        $conn_db = mysqli_connect("localhost","root","") or die();
        $sel_db = mysqli_select_db($conn_db, "PDOtesting") or die();
        if(isset($_POST['re_password']))
        {
        $old_pass=$_POST['old_pass'];
        $new_pass=$_POST['new_pass'];
        $re_pass=$_POST['re_pass'];
        $chg_pwd=mysqli_query($conn_db, "select * from users where username='$login_session'");
        $chg_pwd1=mysqli_fetch_array($chg_pwd);
        $data_pwd=$chg_pwd1['password'];
        if($data_pwd==$old_pass){
        if($new_pass==$re_pass){
            $update_pwd=mysqli_query($conn_db, "update users set password='$new_pass' where username='$login_session'");
            echo "<script>alert('Changed Password Sucessfully! You will be logged out from this page'); window.location='../session_destroy.php'</script>";
        }
        else{
            echo "<script>alert('Your New password does not match the password confirmation'); window.location='change_password.php'</script>";
        }
        }
        else
        {
        echo "<script>alert('Your old password is incorrect'); window.location='change_password.php'</script>";
        }}
    ?>

如果有人可以帮助我,我将不胜感激。 提前谢谢。

0 个答案:

没有答案