会员可以更改密码

我已经创建了一个脚本，用户可以更改密码。但我得到的错误确认密码和新密码犯规的比赛.. 这里是代码会员可以更改密码

<? 
session_start(); 
include 'db.php'; 

if($_POST['username']!="") { 
    $username = $_POST['username']; 
} 
else die("No Username was passed"); 
if($_POST['password']!="") { 
    $password = $_POST['password']; 
} 
else die("No Password was passed"); 
if($_POST['newpassword']!="") { 
    $newpassword = $_POST['newpassword']; 
} 
else die("No NewPassword was passed"); 
if($_POST['confirmnewpassword']!="") { 
    $newpassword = $_POST['confirmnewpassword']; 
} 
else die("No Confirm Password was passed"); 

$username = $_POST['username']; 
$password = $_POST['password']; 
$newpassword = $_POST['newpassword']; 
$confirmnewpassword = $_POST['confirmnewpassword']; 

$result = mysql_query("SELECT password FROM users WHERE username='$username'"); 

    if(!$result){ 
     echo "The username entered does not exist!"; 
    } 
    else 
     if($password != mysql_result($result, 0)){ 
      echo "Entered an incorrect password"; 
      } 

    if($newpassword == $confirmnewpassword){ 
     $sql = mysql_query("UPDATE users SET password = '$newpassword' WHERE username = '$username'");  
    } 

    if(!$sql){ 
     echo "Congratulations, password successfully changed!"; 
    } 
    else{ 
     echo "New password and confirm password must be the same!"; 
    } 

    ?>

这里表单代码

<form action="lostpw.php" method="post" name="" id=""> 
              <table width="50%" border="0" align="center" cellpadding="4" cellspacing="0"> 
               <tr> 
                <td width="22%">Username</td> 
                <td width="78%"><input name="username" type="text" id="username" value="<? echo "". $_SESSION['username'] ."" ?>"></td> 
               </tr> 
               <tr> 
                <td width="22%">Old password</td> 
                <td width="78%"><input name="password" type="text" id="password"></td> 
               </tr> 
                <td>New Password</td> 
                <td><input name="newpassword" type="newpassword" value=""></td> 
               </tr> 
               <tr> 
               </tr> 
                <td>Confirm </td> 
                <td><input name="confirmnewpassword" type="confirmnewpassword" value=""></td> 
               </tr> 
               <tr> 
                <td>&nbsp;</td> 
                <td><input type="submit" name="Submit" value="update"></td> 
               </tr> 
               <tr> 
                <td><a href="home.php">Back</a></td> 
               </tr> 
              </table> 
</form>

我在哪里做错了。

来源

2013-03-18 Aamir

你有没有从保护[SQL注入]（http://php.net/manual/en/security.database.sql-injection.php ）。 – 2013-03-18 03:12:23

1.您确定要在PLAIN TEXT中保存密码吗？ 2.你知道SQL注入吗？ – Raptor 2013-03-18 03:12:24

你为什么要存储明文密码？ – Blender 2013-03-18 03:12:26

你不会在任何不良行为中停下来。你是不是停止脚本执行后：

if(!$result){ 
     echo "The username entered does not exist!"; 
    } else if($password != mysql_result($result, 0)){ 
     echo "Entered an incorrect password"; 
}

因此：

if($newpassword == $confirmnewpassword){ 
    $sql = mysql_query("UPDATE users SET password = '$newpassword' WHERE username = '$username'");  
}

将始终评估。

另外

if(!$sql){ 
    echo "Congratulations, password successfully changed!"; 
} else { 
    echo "New password and confirm password must be the same!"; 
}

是指：当查询失败（$sql = false，!$sql = true）打印成功消息，否则打印失败消息。我不认为这就是你想要的。你可能想要颠倒这两个块。

来源

2013-03-18 03:15:42 Shoe

我得到了它的工作thanhs – Aamir 2013-03-18 06:07:56

你不应该有感叹号，这是一个逆变器。这就是说'如果查询不起作用，恭喜你，否则如果它工作，给出错误信息。'以下：

if(!$sql){ 
    echo "Congratulations, password successfully changed!"; 
} 
else{ 
    echo "New password and confirm password must be the same!"; 
}

应该是：

if($sql){ 
    echo "Congratulations, password successfully changed!"; 
} 
else{ 
    echo "New password and confirm password must be the same!"; 
}

来源

2013-03-18 03:16:29

关于$结果行的另一篇文章也是准确的，虽然它没有回答你的问题。 – 2013-03-18 03:19:40

我havnt以纯文本存储密码。他们加密存储在数据库中的md5 ,,,, – Aamir 2013-03-18 03:27:51

@Aamir：你评论了错误的帖子。 ;） – 2013-03-18 03:31:31

会员可以更改密码

回答

相关问题