由于某种原因,此代码未使用数据库检查当前密码,但它确实正确更改了密码。它还能够连接到我的数据库。它还可以检查新密码是否与确认新密码相同。这是正在运行的 php,这可能有什么问题:
<?php if(!defined('INCLUDE_CHECK')) header("Location: index.php"); ?>
<?php
/* irrelevant parts omitted */
if($_POST['submit']=='Change Password')
{
// Checking whether the Change Password form has been submitted
$err = array();
// Will hold our errors
if(!$_POST['password'] || !$_POST['newpassword'] || !$_POST['confirmpassword'])
$err[] = 'All the fields must be filled in!';
if(!count($err))
{
if($_POST['password'] != /* something should be here but i don't know what */)
$err[] = 'Current password is incorrect!';
if($_POST['newpassword'] != $_POST['confirmpassword'])
$err[] = 'New passwords do not match!';
if(!count($err))
{
$pass = $_POST['confirmpassword'];
mysql_query(
"UPDATE members
SET pass='".md5($pass)."'
WHERE id='{$_SESSION['id']}'"
);
$_SESSION['msg']['change-password-success']='Success your password has been changed!';
}
}
if($err)
$_SESSION['msg']['change-password-err'] = implode('<br />',$err);
// Save the error messages in the session
header("Location: change-password.php");
exit;
}
?>