<?
// Inialize session
session_start();
// Check, if username session is NOT set then this page will jump to login page
if (!isset($_SESSION['username']))
{
header('Location: AdminLogin.php');
}
?>
<html lang="en-GB" xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="stylesheet" href="AdminLogin.css" type="text/css" />
<title>Welcome to ASM Services Inc.</title>
<script type="text/javascript" language=JavaScript>
var message="";
function clickIE()
{
if (document.all)
{(message);return false;}}
function clickNS(e) {if
(document.layers||(document.getElementById&&!document.all)) {
if (e.which==2||e.which==3) {(message);return false;}}}
if (document.layers)
{document.captureEvents(Event.MOUSEDOWN);document.onmousedown=clickNS;}
else{document.onmouseup=clickNS;document.oncontextmenu=clickIE;}
document.oncontextmenu=new Function("return false")
</script>
</head>
<body>
<div class="login">
<?php
require("adminconfig.inc");
$user = $_SESSION['username'];
echo "<form name=form1 method=post>
<table width=100 border=0 align=center>
<tr>
<font size=5 face=Arial color=yellow>Change Password</font>
</tr>
<table>
<tr>
<td><font size=4 face=Tahoma color=yellow>Username:</font></td>
<td><input type=text name='username1' value='$user' size=20 AUTOCOMPLETE = off ></td>
</tr>
<tr>
<td><font size=4 face=Tahoma color=yellow>Password:</font></td>
<td><input type=password name=password size=20 AUTOCOMPLETE = off></td>
</tr>
<tr>
<td><font size=4 face=Tahoma color=yellow>New Password</font></td>
<td><input type=password name=new_pass size=20 AUTOCOMPLETE = off></td>
</tr>
<tr>
<td><font size=4 face=Tahoma color=yellow>Confirm Password:</font>:</td>
<td><input type=password name=con_pass size=20 AUTOCOMPLETE = off></td>
</tr>
</table>
<table>
<tr>
<input type=submit value=Ok name='btnCheck'>
<input type=submit value=Cancel name=btnCancel onClick='this.form.reset()'>
</tr>
</table>
</table>
</form>";
?>
<?php
require("adminconfig.inc");
$user = $_POST['username1'];
$pass = $_POST['password'];
$new_pass = trim($_POST['new_pass']);
$con_pass = trim($_POST['con_pass']);
if(isset($_POST['btnCheck']))
{
// Retrieve username and password from database according to user's input
$login = mysql_query("SELECT Log_User, Log_Pass, User_Type FROM LOG_IN WHERE
(Log_User = '" . mysql_real_escape_string($_POST['username1']) . "')
and
(Log_Pass = '" . mysql_real_escape_string($_POST['password']) . "')
and
(User_Type = 'member')")
or die('Query failed: ' . mysql_error() . "<br />\n$sql"); ;
//Check username and password match
if (mysql_num_rows($login) == 1)
{
if(trim('$new_pass') == trim('$con_pass'))
{
$sql=mysql_query("UPDATE log_in SET Log_Pass='$new_pass' where username='$user'");
if(!$sql)
{
echo "fail updating!";
}
else
{
echo "success!";
echo "<script type = text/javascript>";
echo "alert('The new password has been changed successfully.');";
echo "</script>";
}
}
else
{
echo "fail!";
echo "<script type = text/javascript>";
echo "alert('Error. New Password and Confirm Password are not the same. Please make it sure that they are the same.');";
echo "</script>";
}
}
}
?>
</div>
<div class="copyright">
© Copyright 2011 <strong>ASM Services Inc.</strong>
</div>
</body>
</html>
这是我更改用户密码的完整代码。我真的不知道我的代码的确切错误。每当我更改密码时,它总是会出现“错误。新密码和确认密码不一样”。
答案 0 :(得分:3)
您当前的代码有:
if(trim('$new_pass') == trim('$con_pass')) {
// passwords match
} else {
// passwords don't match
}
您正在比较字符串'$new_pass'&amp; '$con_pass'而不是变量$new_pass&amp; $con_pass。也不要使用不应该使用trim,因为用户的密码可能有空格。
更改
if(trim('$new_pass') == trim('$con_pass'))
到
if($new_pass == $con_pass)
您还可以从表单中读取密码:
$new_pass = trim($_POST['new_pass']);
$con_pass = trim($_POST['con_pass']);
您也不应该在这里使用trim。如果用户想要在密码的结尾处开始占用空间,那么您的逻辑将会失败,因为用户认为他的密码有空格,但您在数据库中输入的密码将没有空格。
答案 1 :(得分:-1)
更改
if(trim('$new_pass') == trim('$con_pass'))
到
if(trim($new_pass) == trim($con_pass))