0

我对 PHP/Jquery 很陌生,我正在尝试为我的网站做一个更新密码脚本。到目前为止,密码已更新,但我正在努力思考如何验证它以检查旧密码。

此外,如何在警报框中显示错误消息(如 java 警报窗口)。我问的原因是因为如果旧密码与数据库中存在的密码不匹配,我需要创建一个警告框。

对此的任何帮助将不胜感激。如果您需要任何其他代码,我会尽快发布。

// *Update Profile Password* //
$("#btn-profile-update2").bind('click', function(){

       // Get info from text boxes
    /*    var profile_oldpassword = $('#txt-prof-oldp').val(); */
    var profile_newpassword = $('#txt-prof-newp').val();
    var profile_confirmpassword = $('#txt-prof-confp').val();

    new_password = $('#txt-prof-newp').val();
    old_password = $('#txt-prof-oldp').val();

    if (profile_newpassword !== profile_confirmpassword) {

        response = "Passwords entered do not match"

        alert(response);

        return;

   }

    // An array of field names to be updated
    var arr_field_names = Array();

    // Add the field name to index of array
    arr_field_names[0] = "Password";

    // An array of field values that correspond with our field names...
    var arr_field_values = Array();

    arr_field_values[0] = profile_newpassword;

    // Send to updateProfDetails function
    updatePassword(arr_field_names,arr_field_values,new_password,old_password);

    });

});

发送到这个函数:

function updatePassword(arr_field_names,arr_field_values,new_password,old_password) {

    // Ajax parameters...
    $.ajax({

        // Request sent from control panel, so send to cp.request.php (which is the handler)
        url: 'scripts/php/bootstrp/cp.request.php',
        type: 'GET',

        data: {

            ft: "password",
            table: "tblusers",
            oldpassword: old_password,
            newpassword: new_password,
            field_names: arr_field_names,
            field_values: arr_field_values,

            // Either pass a row id as the 'id' OR a where clause as the 'condition' never both
            id: null,
            condition: null
        },
        dataType: 'text',
        timeout: 20000,
        error: function(){
            $('#cp-div-error').html('');
            $('#cp-div-error').append('<p>There was an error updating the data, please try again later.</p>');
            $('#cp-div-error').dialog('open');
        },
        success: function(response){

            // Refresh page
           // location.reload(true);


        }
    });


}

最后是 PHP 更新:

public function password($tableName)
{

    $PDO = new SQL();
    $dbh = $PDO->connect(Database::$serverIP, Database::$serverPort, Database::$dbName, Database::$user, Database::$pass);

    $username = UserAccount::get_useremail();
    $password = hash('sha256',trim($_GET['newpassword']));
    $oldpassword = hash('sha256',trim($_GET['oldpassword']));


        // Does the password given match the password held?
       $this->sql = "UPDATE $tableName SET password = '$password' WHERE UserName = '$username'";

    try {
                // Query
                $stmt = $dbh->prepare($this->sql);

                $stmt->execute();

                $count = $stmt->rowCount();

                echo $count.' row(s) updated by SQL: '.$stmt->queryString;

                $stmt->closeCursor();

            }

            catch (PDOException $pe) {
                echo 'Error: ' .$pe->getMessage(). 'SQL: '.$stmt->queryString;
                die();
            }

                // Close connection
                $dbh = null;

        }
4

2 回答 2

1

你几乎明白了..关键在这里:

success: function(response) { .. }

只是玩响应可能是这样的:

success: function(response) {
    if (response == "wrong password") alert ("don't guess");
    else if (response == "password changed") alert ('you got it! congrats!');
}
于 2012-05-03T09:36:11.223 回答
0

我认为 Vytautas 提出了一个很好的观点,我没有通读它,但我只是想给你一个重要的提示

$PDO->connect一下{}catch(){}

如果 PDO 连接函数出错,它会打印您的数据库信息,包括密码。

于 2012-05-03T09:39:42.523 回答