Check and update an md5 password

Time: 2018-09-25 06:45:18

Tags: php mysql

I am making a login form. When a user registers on the website, they receive an activation code and a temporary password.

When a user registers, their password is immediately hashed with md5, and they receive an activation code in their email to activate the account; then, right after they log in, they are prompted to change their password.

The problem is that I still can't figure out where my code is going wrong, because it won't update and shows the error message: "old password does not match the old password in the database".

Thanks

<?php
//error reporting: notices and warnings are suppressed (errors will be shown on localhost, if online they won't show up)
error_reporting(E_ALL ^ (E_NOTICE | E_WARNING));

//the session must be started before $_SESSION['user_email'] can be read
session_start();

//connection to database
$conn = new mysqli("localhost", "root", "", "db");
if ($conn->connect_errno) {
    die("Failed to connect to MySQL: " . $conn->connect_error);
}

//process if submitted
if (isset($_POST['submit'])) {
    //variables holding the submitted data
    $old_password          = $_POST['old_password'];
    $new_password          = $_POST['new_password'];
    $password_confirmation = $_POST['password_confirmation'];

    //check first on database
    //encrypt -> md5($user_password)
    $old_password = md5($old_password);
    $check = $conn->query("SELECT user_email FROM register_user WHERE user_password='$old_password'");

    if ($check->num_rows)
    {
        //condition if old password same as the database
        //minimum length of password is 5
        if (strlen($new_password) >= 5)
        {
            //if new password is at least 5 characters, continue below
            //condition: new password has to be the same as password confirmation
            if ($new_password == $password_confirmation)
            {
                //if all conditions are true, continue to change the database
                //query UPDATE SET password = encrypt md5 new_password
                $new_password = md5($new_password);
                $user_email   = $_SESSION['user_email']; //session from login
                $update       = $conn->query("UPDATE register_user SET user_password='$new_password' WHERE user_email='$user_email'");
                if ($update)
                {
                    //if update successful
                    echo 'Password successfully changed';
                }
                else
                {
                    //if failed
                    echo 'failed to change password';
                }
            }
            else
            {
                //if password confirmation is not the same as new password
                echo 'password confirmation not same';
            }
        }
        else
        {
            //if new password is less than 5 characters
            echo 'Minimum password has to be 5 characters';
        }
    }
    else
    {
        //if old password is not the same as in database
        echo 'old password not matched';
    }
}
?>

<!-- reset password form -->
<form method="post" action="">
    <table>
        <tr>
            <td>Old Password</td>
            <td>:</td>
            <td><input type="password" name="old_password" required></td>
        </tr>
        <tr>
            <td>New Password</td>
            <td>:</td>
            <td><input type="password" name="new_password" required></td>
        </tr>
        <tr>
            <td>Password Confirmation</td>
            <td>:</td>
            <td><input type="password" name="password_confirmation" required></td>
        </tr>
        <tr>
            <td>&nbsp;</td>
            <td></td>
            <td><input type="submit" name="submit" value="change"></td>
        </tr>
    </table>
</form>

1 answer:

Answer 0: (score: 0)

Please look into SQL injection and how to use bound parameters, because the code below is not secure and is only meant to answer your question.

<?php
    session_start(); // needed before $_SESSION can be read
    // $conn is the mysqli connection opened as in the question

    $old_password           = $_POST['old_password'];
    $new_password           = $_POST['new_password'];
    $password_confirmation  = $_POST['password_confirmation'];

    //encrypt -> md5($user_password)
    $old_password   = md5($old_password);
    //getting user email
    $user_email = $_SESSION['user_email'];
    //checking the database: match the old password against the logged-in user's row only
    $check  = $conn->query("SELECT `user_email` FROM register_user WHERE `user_password`='$old_password' AND `user_email`='$user_email' ");

    if ($check->num_rows == 1)
    {
        //minimum length of new password is 5
        if (strlen($new_password) >= 5)
        {
            if ($new_password == $password_confirmation)
            {
                //query UPDATE SET password = encrypt md5 new_password
                $new_password = md5($new_password);
                $update       = $conn->query("UPDATE register_user SET `user_password`='$new_password' WHERE `user_email`='$user_email' ");

                //affected_rows is 0 when the row was not changed (e.g. new password equals the old one)
                if ($conn->affected_rows == 1)
                {
                    //if success
                    echo 'Password has been updated';
                }
                else
                {
                    //if fail
                    echo 'Fail to update';
                }
            }
            else
            {
                //if new password and password confirmation differ
                echo 'password confirmation is not matched';
            }
        }
        else
        {
            //if the password is less than 5 characters
            echo 'Minimum password is 5 characters';
        }
    }
    elseif ($check->num_rows == 0)
    {
        //no row with this email and old password
        echo 'No such user exists';
    }
    elseif ($check->num_rows > 1)
    {
        echo 'Two or more users currently share the same email address, please fix this error';
    }

?>
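As an added example (not code from the question or the answer), here is the change-password handler rewritten with mysqli prepared statements, so the submitted passwords are bound rather than interpolated into the SQL text, and with password_hash()/password_verify() instead of md5; legacy 32-character md5 rows are verified once and rewritten with a modern hash. $conn, the session variable and the register_user table are taken from the question; the 255-character column width and the mysqlnd driver (for get_result()) are assumptions.

```php
<?php
// Added example, not the question's or the answer's code: the same flow with
// prepared statements and password_hash()/password_verify(). Assumes $conn is
// an open mysqli connection, session_start() has run and $_SESSION['user_email']
// is set, and register_user.user_password is VARCHAR(255) (assumed width).
function change_password(mysqli $conn, string $email, string $old, string $new, string $confirm): string
{
    if (strlen($new) < 5) {
        return 'Minimum password has to be 5 characters';
    }
    if ($new !== $confirm) {
        return 'password confirmation not same';
    }

    // Look up only the logged-in user's row; the password never goes into the SQL text.
    $stmt = $conn->prepare('SELECT user_password FROM register_user WHERE user_email = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // needs the mysqlnd driver
    $stmt->close();
    if ($row === null) {
        return 'No such user exists';
    }

    // Accept a legacy 32-char md5 hex digest (the question's scheme) or a modern hash;
    // the row is rewritten with password_hash() below either way.
    $stored  = $row['user_password'];
    $matches = strlen($stored) === 32
        ? hash_equals($stored, md5($old))
        : password_verify($old, $stored);
    if (!$matches) {
        return 'old password not matched';
    }

    $hash = password_hash($new, PASSWORD_DEFAULT); // fresh salt every call, so the row always changes
    $stmt = $conn->prepare('UPDATE register_user SET user_password = ? WHERE user_email = ?');
    $stmt->bind_param('ss', $hash, $email);
    $stmt->execute();
    $ok = ($stmt->affected_rows === 1);
    $stmt->close();
    return $ok ? 'Password successfully changed' : 'failed to change password';
}

if (isset($_POST['submit'], $_SESSION['user_email'])) {
    $msg = change_password($conn, $_SESSION['user_email'],
        $_POST['old_password'] ?? '', $_POST['new_password'] ?? '', $_POST['password_confirmation'] ?? '');
    echo htmlspecialchars($msg); // escape before echoing into the page
}
```

Because the SELECT is keyed on the session's email and the old password is compared in PHP, a matching md5 digest on some other user's row can no longer satisfy the check, which the question's original WHERE clause allowed.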