0

由于某种原因,此代码未使用数据库检查当前密码,但它确实正确更改了密码。它还能够连接到我的数据库。它还可以检查新密码是否与确认新密码相同。这是正在运行的 php,这可能有什么问题:

<?php if(!defined('INCLUDE_CHECK')) header("Location: index.php"); ?>

<?php

/* irrelevant parts omitted */

if($_POST['submit']=='Change Password')
{
    // Checking whether the Change Password form has been submitted

    $err = array();
    // Will hold our errors


    if(!$_POST['password'] || !$_POST['newpassword'] || !$_POST['confirmpassword'])
        $err[] = 'All the fields must be filled in!';

    if(!count($err))
    {

        if($_POST['password'] != /* something should be here but i don't know what */)
            $err[] = 'Current password is incorrect!';

        if($_POST['newpassword'] != $_POST['confirmpassword'])
            $err[] = 'New passwords do not match!';

        if(!count($err))
        {           

            $pass = $_POST['confirmpassword'];

            mysql_query(
                            "UPDATE members 
                            SET pass='".md5($pass)."' 
                            WHERE id='{$_SESSION['id']}'"
                        );

            $_SESSION['msg']['change-password-success']='Success your password has been changed!';

        }       
    }

    if($err)
    $_SESSION['msg']['change-password-err'] = implode('<br />',$err);
    // Save the error messages in the session

    header("Location: change-password.php");
    exit;
}
?>
4

2 回答 2

2

由于某种原因,此代码未使用数据库检查当前密码,但它确实正确更改了密码。

...这实际上是您的代码吗?或者你的问题措辞不好?

if($_POST['password'] != /* something should be here but i don't know what */)

因为没有检查密码是有原因的...

还:

它还能够连接到我的数据库并检查新密码是否与确认新密码相同。

不,不是——它只是根据用户键入的其他字段检查密码——它没有对数据库进行任何检查:

if($_POST['newpassword'] != $_POST['confirmpassword'])
        $err[] = 'New passwords do not match!';
于 2012-05-25T11:28:36.430 回答
1

好吧,据我所知,您的脚本中没有任何地方可以调用数据库来检查现有记录...

$query = mysql_query("SELECT * FROM members WHERE id='{$_SESSION['id']}'");
$data = mysql_fetch_assoc($query);
if($data['pass'] == md5($_POST['confirmpassword'])){
echo "Old and new password matches";
}
于 2012-05-25T11:31:22.313 回答