我是php的新手,学得很快。我有一个表格,允许用户更新他/她的安全问题,并要求用户输入他/她的参考编号,以便继续进行更改。
我的表格代码如下:
<form action="securityupdated.php" method="post">
<table width="80%" border="0">
<tr>
<td><label for="secret_question">Secret Question</label></td>
<td><span id="spryselect1">
<select name="secret_question" id="secret_question">
<option selected="selected">Please Select Your Secret Question</option>
<option id="secret_question" value="What Is Your Mothers Maiden Name?">What Is Your Mothers Maiden Name</option>
<option id="secret_question" value="What Was The Name Of Your First Pet?">What Was The Name Of Your First Pet</option>
<option id="secret_question" value="What Was Your First Car?">What Was Your First Car</option>
<option id="secret_question" value="What Is Your Favourite Colour?">What Is Your Favourite Colour</option>
</select>
<span class="selectRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="secret_anwser">Your Anwser</label></td>
<td><br /><span id="sprytextfield1">
<input type="text" name="secret_anwser" id="secret_anwser" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="password">Your Reference</label>
</td>
<td><br />
<span id="sprytextfield2">
<input type="text" name="ref" id="ref" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td> </td>
<td><br /><input name="" type="submit" value="Update" /></td>
</tr>
</table>
</form>
我的php脚本如下:
<?php
$secret_question = mysql_real_escape_string($_REQUEST['secret_question']);
$secret_anwser = mysql_real_escape_string($_REQUEST['secret_anwser']);
$sql= "UPDATE public SET secret_question = '$secret_question', secret_anwser = '$secret_anwser' WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
else
{
echo '<hr /><h3 align="center">Security Question Has Been Updated</h3><hr />';
}
?>
我不知道的是如何编码它以便它可以检查用户输入的ref是否与我的数据库中的ref字段匹配,如果是,那么它应该继续更新,如果没有,它应该询问用户再次输入密码?
答案 0 :(得分:0)
我不是“安全问题”的信徒,但我认为添加密码检查是合理的,因为如果有人确实达到这一点,他可能会阻止真实用户请求密码恢复,如果这就是你的意思用它来做。所以,使用mysql_fetch_row获取密码(我希望它是sha1哈希?)并将其与输入的任何用户进行比较(添加新的密码字段)
HTML:
<tr>
<td><label for="password_check">Your password</label></td>
<td><input type="text" name="password_check" id="password_check" /></td>
</tr>
和php:
$result = mysql_query("SELECT `password` FROM public WHERE ni = '". $_SESSION['ni']."'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
if(strlen($row[0])>0 && $row[0]==sha1($_POST['password_check'])){
.. your existing update code goes here
}
答案 1 :(得分:0)
<?php
if(isset($_POST['submit'])){
$ref_number = $_POST['reference_number'];
$query = "SELECT * FROM table_name WHERE reference_number = 'ref_number'";
$result = mysql_query($query);
$output = mysql_num_rows($result);
if($output > 0){
//Proceed in registration or whatever you want to do here
}else{
echo "<script type='text/javascript'>alert('Please put your whatever again')</script>";
}
}
?>
表单的一部分
<input type='text' name='reference_number'><br />
<input type='submit' name='submit' value='Submit'>;
答案 2 :(得分:0)
您是否为每个人提供了一个参考号或只有一个参考号?
如果每个用户都有自己的参考:
$Result = mysql_query("SELECT * FROM table WHERE user_id = 'user_id' AND ref_number = '$Ref_Number'");
或者如果只有一个参考号:
$Result = mysql_query("SELECT * FROM table WHERE ref_number = '$Ref_Number'");
如果提供的引用号等于数据库中的引号,那么您将返回一行。
if (mysql_num_rows($Result) != 0)){
// your update code
} else {
// present password form
}
如果每个人只有一个ref-number,那么将该值存储在变量中可能会更有趣。
$Query = mysql_query("SELECT * FROM table");
$R = mysql_fetch_array($Result);
$RealRef_number = $R['ref_number'];
if ($_POST['Ref_number'] == $RealRef_number){
// proceed to updating
} else {
// they were not equal..
}