Question

我的网站上有一个登录系统，我正在尝试创建密码重置。我对注册或登录代码没有问题，但密码更改代码不起作用。以下是我尝试过的两个例子（实际代码）

<?php
    require_once("config.php");
    session_start();
    if(isset($_POST['submit'])) {

        include_once 'config.php';

        $password = mysqli_real_escape_string($con, $_POST['password']);
        $password1 = mysqli_real_escape_string($con, $_POST['uc_pass1']);
        $password2 = mysqli_real_escape_string($con, $_POST['uc_pass2']);
        $uid = $_SESSION['s_id'];

        if ($password1 != $password2 || empty($password1) || empty($password2)) {
            header("Location: ../user-conf.php?pass=notmatching");
            exit();
        } else {
            $sql = "SELECT password FROM userdb WHERE username='$uid'";
            $result = mysqli_query($con, $sql);
            $resultCheck = mysqli_num_rows($result);

            if (!$resultCheck > 0) {
                header("Location: ../user-conf.php?error");
                exit();
            } else {
                $hashedPwdCheck = password_verify($password, $_SESSION['s_pw']);
                if ($hashedPwdCheck == false) {
                    header("Location: ../user-conf.php?error");
                    exit();
                } elseif ($hashedPwdCheck == true) {
                    $hashedPwd2 = password_hash($password1, PASSWORD_DEFAULT);
                    $sql2 = "INSERT INTO userdb (password) VALUES($hashedPwd2) WHERE username=$uid";
                    mysqli_query($con, $sql2);
                    header("Location: ../user-conf.php?pass=successfull");
                    exit();
                }
            }
        }
    } else {
        header("Location: ../login.php?nologon");
    }
?>

另一个在下面。

<?php
    require_once("config.php");
    session_start();
    if(isset($_POST['submit'])) {

        include_once 'config.php';

        $password = mysqli_real_escape_string($con, $_POST['password']);
        $password1 = mysqli_real_escape_string($con, $_POST['uc_pass1']);
        $password2 = mysqli_real_escape_string($con, $_POST['uc_pass2']);
        $uid = $_SESSION['s_id'];

        if ($password1 != $password2 || empty($password1) || empty($password2)) {
            header("Location: ../user-conf.php?pass=notmatching");
            exit();
        } else {

            $hashedPwdCheck = password_verify($password, $_SESSION['s_pw']);
            if ($hashedPwdCheck == false) {
                header("Location: ../user-conf.php?error");
                exit();
            } elseif ($hashedPwdCheck == true) {
                $hashedPwd = password_hash($password1, PASSWORD_DEFAULT);
                $sql = "INSERT INTO userdb (password) VALUES($hashedPwd) WHERE username=$uid";
                mysqli_query($con, $sql);
                header("Location: ../user-conf.php?pass=successfull");
                exit();
            }
        }
    } else {
        header("Location: ../login.php?nologon");
    }
?>

我也尝试过UPDATE语法。但是，似乎没有用新的密码更改旧密码。很高兴知道我做错了所以如果你知道请告诉我，我们将不胜感激！：）

Answer 1

99％确定：

"INSERT INTO userdb (password) VALUES($hashedPwd2) WHERE username=$uid"

应该是：

"UPDATE userdb SET password = '$hashedPwd2' WHERE username='$uid'"

您的PHP变量周围缺少引号，而INSERT应该是UPDATE。

MySQL PHP - 无法向表中插入/更新新值

1 个答案: