我正在尝试学习PHP PDO,因为我来自程序和oop。我希望为登录的用户设置更改密码功能。问题是当我输入错误的旧密码时没有任何反应,并且正确的旧密码也是如此。我不知道错误是什么,所以这里是使用pdo更改密码的代码。
<?php
$host = "localhost";
$username = "root";
$password = "";
$database = "PDOtesting";
$message = "";
try
{
$connect = new PDO("mysql:host=$host; dbname=$database", $username, $password);
$connect->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if(isset($_POST['re_password'])) {
$old_pass=$_POST['old_pass'];
$new_pass=$_POST['new_pass'];
$re_pass=$_POST['re_pass'];
// User confirm old password authentication
$query = "SELECT * FROM users WHERE username = :username LIMIT 1";
$statement = $connect->prepare($query);
$statement->execute(
array(
'username' => $login_session
)
);
$count = $statement->rowCount();
if($count > 0)
{
$result = $statement->fetch();
//check old password if correct
if (password_verify($_POST["old_pass"], $result['old_pass'])) {
// if password correct
if ($new_pass == $re_pass) {
$query2 = "UPDATE users SET password = :password WHERE username = :username";
$hash = password_hash($re_pass, PASSWORD_DEFAULT);
$statement = $connect->prepare($query2);
$statement->execute(
array(
'username' => $login_session,
'password' => $hash
)
);
echo "<script>alert('Changed Password Sucessfully! You will be logged out from this page'); window.location='../session_destroy.php'</script>";
}
else {
echo "<script>alert('new password and repeat password does not match!'); window.location='change_password.php'</script>";
}
}} else {
echo "<script>alert('Your old password is incorrect'); window.location='change_password.php'</script>";
}
// $data_pwd=$chg_pwd1['password'];
}
}
catch(PDOException $error)
{
$message = $error->getMessage();
}
?>
这是登录表单html中的代码
<form class="form-group" method="POST" name="frmChange">
<div class="row">
<div class="col-md-3">
<div class="form-group">
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label>Old Password</label>
<input type="password" name="old_pass" class="form-control" id="currentPassword" required="" placeholder="Old Password">
</div>
</div>
</div>
<div class="row">
<div class="col-md-6">
<div class="form-group">
<label>New Password</label>
<input type="password" name="new_pass" class="form-control" id="newPassword" required="" placeholder="New Password">
</div>
</div>
<div class="col-md-6">
<div class="form-group">
<label>Confirm New Password</label>
<input type="password" name="re_pass" class="form-control" id="confirmPassword" required="" placeholder="Confirm New Password">
</div>
</div>
</div>
<span name="message"><?php if(isset($message)) { echo $message; } ?></span>
很抱歉代码的安排,这里是我使用程序的代码。以下是我想要将其重构为PDO以使其更安全的代码。
<?php
$conn_db = mysqli_connect("localhost","root","") or die();
$sel_db = mysqli_select_db($conn_db, "PDOtesting") or die();
if(isset($_POST['re_password']))
{
$old_pass=$_POST['old_pass'];
$new_pass=$_POST['new_pass'];
$re_pass=$_POST['re_pass'];
$chg_pwd=mysqli_query($conn_db, "select * from users where username='$login_session'");
$chg_pwd1=mysqli_fetch_array($chg_pwd);
$data_pwd=$chg_pwd1['password'];
if($data_pwd==$old_pass){
if($new_pass==$re_pass){
$update_pwd=mysqli_query($conn_db, "update users set password='$new_pass' where username='$login_session'");
echo "<script>alert('Changed Password Sucessfully! You will be logged out from this page'); window.location='../session_destroy.php'</script>";
}
else{
echo "<script>alert('Your New password does not match the password confirmation'); window.location='change_password.php'</script>";
}
}
else
{
echo "<script>alert('Your old password is incorrect'); window.location='change_password.php'</script>";
}}
?>
如果有人可以帮助我,我将不胜感激。 提前谢谢。