除非一切能给我带来真实的结果,而且一切都没有改变,否则一切都会变坏

时间:2019-03-04 19:58:53

标签: php mysql mysqli

我正在尝试编写密码更改脚本。一切顺利。招待一下。它告诉我它成功了,但是没有任何变化。我的mysql中的加密代码没有任何变化,当我尝试登录时,我不能使用新密码,而只能使用旧密码。这是代码

<?php
session_start();
require_once('inc/functions.inc.php');
if (!isset($_POST['submit'])) {
    die(header("Location: settings.php"));
}
if (isset($_SESSION['updatePasswordError'])) {
    unset($_SESSION['updatePasswordError']);
}
$_SESSION['updatePasswordError'] = array();

if (isset($_SESSION['updatePasswordSuccess'])) {
    unset($_SESSION['updatePasswordSuccess']);
}
$_SESSION['updatePasswordSuccess'] = array();

if (strlen($_POST['newpassword'])  < 8) {
    $_SESSION['updatePasswordError'][] = "New Password must be at least 8 characters";
}
else if ($_POST['newpassword'] != $_POST['confirmnewpassword']) {
    $_SESSION['updatePasswordError'][] = "Passwords don’t match";
}

$mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
if ($mysqli->connect_errno) {
    error_log("Cannot connect to MySQL: " .
              $mysqli->connect_error);
    return false;
}
$incomingOldPassword = $mysqli->real_escape_string(htmlspecialchars($_POST['currentpassword']));
$query = "SELECT * from Customer WHERE id = '{$user->id}'";
if (!$result = $mysqli->query($query)) {
    $_SESSION['updatePasswordError'][] = "Select Error. Try Again";
    error_log("Cannot retrieve account for {$user}");
    return false;
}
// Will be only one row, so no while() loop needed
$row = $result->fetch_assoc();
$dbPassword = $row['password'];
if (crypt($incomingOldPassword,$dbPassword) != $dbPassword) {
    $_SESSION['updatePasswordError'][] = "Old Password Incorrect";
}

if (count($_SESSION['updatePasswordError']) > 0) {
    die(header("Location: settings.php"));
} else {
    $cryptednewPassword = crypt($_POST['newpassword']);
    $newPassword = $mysqli->real_escape_string($cryptednewPassword);
    $result = "$updatePassword($newPassword)";
    if ($result) {
        $_SESSION['updatePasswordSuccess'] [] = "Successfully Updated";
        die(header("Location: settings.php"));
    } else {
        die(header("Location: settings.php"));
    }
}


function updatePassword($newPassword) {
    $mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
    $query = "UPDATE customer SET password = ? WHERE id = $user->id";
    $stmt = $mysqli->prepare($query);
    $stmt->bind_param("s", $newPassword);
    $result = $stmt->execute();
    $mysqli->close();
    return $result;
}
?>

如果我尝试使用错误的密码,不匹配的密码或少于8个字符,则会收到错误消息。但是除此之外,一切似乎还可以

1 个答案:

答案 0 :(得分:0)

您没有调用updatePassword()函数。这行:

$result = "$updatePassword($newPassword)";

不调用函数。它只是创建一个包含变量$updatePassword$newPassword的值的字符串。由于$updatePassword不存在,因此相当于编写:

$result = "($newPassword)";

您还应该收到有关未定义变量的警告消息。

调用该函数的方式是:

$result = updatePassword($newPassword);

您不要在引号内放置函数调用,也不要在函数名前放置$

您还需要在主脚本中设置$user,并将其作为参数传递给函数,或在函数内部使用global $user;

相关问题
最新问题