PHP当前密码检查和更新哈希密码

时间:2019-02-07 19:17:35

标签: php html mysqli

我正在创建PHP用户哈希密码更新脚本,该脚本不起作用,并且不显示任何错误消息。所有时间显示您的旧密码是不正确的消息,只有我尝试这样做,但它不起作用,我想创建用户旧密码检查并更新新密码

这是我的代码

<?php
include "database/config.php";
if ($_SERVER['REQUEST_METHOD'] == "POST") {
    $old_password = password_hash($_POST['old_password'], PASSWORD_DEFAULT);
    $new_password = password_hash($_POST['new_password'], PASSWORD_DEFAULT);
    $con_password = password_hash($_POST['con_password'], PASSWORD_DEFAULT);

    $stmt = $con->prepare('SELECT * FROM users WHERE user_id= ?');
    $stmt->bind_param('i', $_POST['user_id']);
    $stmt->execute();
    if ($stmt == $old_password) {
        if ($new_password == $con_password) {
            $stmt = $con->prepare = "UPDATE users SET password = ? WHERE user_id = ?";
            echo "Update Sucessfully";
        } else {
            echo "Your new Password is not match ";
        }
    } else {
        echo "Your old password is incorrect";
    }
}

这是我的html表单

<form name="form1" method="post" action="">
    <input name="old_password" type="text" id="old_password" value="" placeholder="Current Password" required>
    <input name="new_password" type="text" id="new_password" value="" placeholder="New Password" required>
    <input name="con_password" type="text" id="con_password" value="" placeholder="confirm new password" required>
    <input type="submit" name="changePass" value="change password" class="submit2" />
</form>

1 个答案:

答案 0 :(得分:1)

您正在做的是散列,然后比较两个散列..这是不正确的处理方式,因为散列永远不会完全匹配(否则加密有什么用?)-您正在做:

$old_password = password_hash($_POST['old_password'], PASSWORD_DEFAULT);

什么时候应该做:

$old_password = $_POST['old_password'];

然后它很简单:

if (password_verify($old_password, $stmt)) { {
    if ($new_password == $con_password) {
        $stmt = $con->prepare = "UPDATE users SET password = ? WHERE user_id = ?";
        echo "Update Sucessfully";
    } else {
        echo "Your new Password is not match ";
    }
 } else {
    echo "Your old password is incorrect";
 }


ALSO

正如杰伊(Jay)所提到的..您需要获取一些东西..此时您将使用以下方法返回对象:

$stmt = $con->prepare('SELECT * FROM users WHERE user_id= ?');

对象对此比较不利。您需要一个字符串。如果期望1个结果,则可以在该查询的末尾添加fetch_array()[0]fetch_array将您的Object转换为一维数组。 [0]就是您希望分配给$stmt的数组 index 

$stmt = $con->prepare('SELECT * FROM users WHERE user_id= ?');
$stmt->bind_param('i', $_POST['user_id']);
$stmt->execute();
$stmt = $stmt->fetch_array()[0];
相关问题
最新问题