gpt4 book ai didi

php - Q : Edit New Password PHP Mysql

转载 作者:行者123 更新时间:2023-12-01 00:09:27 24 4
gpt4 key购买 nike

有人帮我写代码。我创建了一个包含当前密码、新密码和确认密码的编辑密码页面。这是我的代码:

编辑密码.php

<form action="editpassword_process.php" method="post">
<table>
<tr class="form-group has-feedback has-success">
<td><h4>Current Password</h4></td>
<td><div class="control-group input-lg"><input type="password" placeholder="" passfield="true" id="currentpassword" name="currentpassword"></div></td> <!-- class="input-sm" required -->
<td><span id="messagebox"></span></td>
</tr>
<tr>
<td><h4>New Password</h4></td>
<td><div class="control-group input-lg"><input type="password" placeholder="" passfield="true" id="newpassword1" name="newpassword1"></div></td> <!-- required class="input-sm" -->
</tr>
<tr>
<td><h4>Confirm Password</h4></td>
<td><div class="control-group input-lg"><input type="password" placeholder="" passfield="true" id="newpassword2" name="newpassword2" onKeyUp="checkPass(); return false;"></div></td> <!-- required class="input-sm" -->
<span id="confirmMessage" class="confirmMessage"></span>
</tr>
</table>
<button class="btn btn-info">Submit</button>
</form>

这是我的 editpassword_process.php 代码

<?php

include('connection.php');

$currentpw = $_POST['currentpassword'];
$newpw = $_POST['newpassword1'];
$confirmnewpw = $_POST['newpassword2'];

$res = mysql_query("SELECT user_password FROM `tbl_userlist` WHERE userid = '".$_SESSION['userid']."'");

if($currentpw != mysql_result($res, 0)){
echo "You entered an incorrect password";
}

if($newpw = $confirmnewpw){
$sql = mysql_query("UPDATE tbl_userlist SET user_password = '$newpw' WHERE userid = '".$_SESSION['userid']."'");
}

if($sql){
echo "You have successfully changed your password";
}
else{
echo "The new password and confirm pasword fields must be the same";
}

?>

当我点击提交时,会出现一个警告,显示已验证正常,但我的数据库没有更新。

提前致谢

最佳答案

您的代码有一些问题,但我将从您的用户密码未更新的原因开始。您尚未在代码中的任何地方启动 session 。在任何使用 session 的地方,您都需要以以下方式启动它们:

session_start();

这应该是您打开后要做的第一件事 <?php标记。

你在很多 = 中分配( == )而不是比较( if(){.. )比较 block ,这些将评估为 TRUE , 运行条件。

糟糕的是,您使用的是已弃用的库。全部mysql_*从 PHP7 开始,函数已被弃用和删除。最好通过学习这两个库中的任何一个来走在曲线球的前面:

它们中的任何一个都可以减轻您在当前易受攻击代码中遇到的任何 SQL 注入(inject)。更不用说您以纯文本格式存储密码这一事实。想象一下何时(不是 如果)你的数据库被黑了,我希望这不是生产环境.

PHP 使散列密码变得 super 简单,只需查看:

他们会整理您的密码散列。


为了简化您正在做的事情,这将是一个 PDO 示例以及您的密码散列,以向您展示实现您正在尝试做的事情是多么简单:

<?php
session_start();
include('connection.php');

$currentpw = $_POST['currentpassword'];
$newpw = $_POST['newpassword1'];
$confirmnewpw = $_POST['newpassword2'];

// start your PDO object
$db = new PDO('mysql:host=localhost;dbname=DATABASE', 'username','password');
$statement = $db->prepare("SELECT user_password FROM `tbl_userlist` WHERE userid = :userid");
$statement->execute(array(':userid' => $_SESSION['userid']));
// check if we have a row
if ($statement->rowCount() > 0) {
$data = $statement->fetch(PDO::FETCH_ASSOC);
$current_password_hash = $data['user_password'];
// check current password is correct.
if (!password_verify($currentpw, $current_password_hash)) {
// wrong "current" password.
die("You entered an incorrect password");
}
// check that both passwords match.
if (trim($confirmnewpw) !== trim($newpw)) {
// new passwords dont match
die("The new password and confirm pasword fields must be the same");
}
// can only get here if passwords match.
// so hash the new password and store in the database.
$newpwhash = password_hash(trim($confirmnewpw), PASSWORD_BCRYPT, array('cost' => 11));
// now lets update table to add new password hash.
$update = $db->prepare("UPDATE tbl_userlist SET user_password = :newpwhash WHERE userid = :userid");
if($update->execute(array(':newpwhash' => $newpwhash, ':userid' => $_SESSION['userid']))) {
// password updated successfully.
die("You have successfully changed your password");
} else {
// failed to update, check logs to ammend.
die('Failed to update password.');
}
} else {
// wrong "current" password.
die("No password found for you...");
}

不用说,这意味着您也必须更改登录过程,但这很简单。您需要做的就是获取密码并利用 password_verify() ,瞧,你被分类了。

(更不用说,更安全。)

关于php - Q : Edit New Password PHP Mysql,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34603735/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com