0

我无法让它正常工作我正在尝试清理我的 php 文件并创建一个更改用户密码的函数。function setPass如果我将函数文件中的复制代码保留在文件中,它工作正常Login_success.php。当我将工作代码复制到functions.php具有函数名称的文件中时,setPass它不起作用我也没有收到错误消息。我意识到不使用 PDO 准备好的语句是不安全的,但一旦我开始工作,我会改变它。这是我的 login_success 文件和函数文件的代码:

函数.php

<?php
require 'DB.php';

function setPass(){   

foreach($conn->query("SELECT password FROM CLL_users WHERE user_name= '$userCurrent'") as $password1) {

    $old_pass = ($password1['password']);
}
$new_pass = md5($_POST['new_pass']);

    if (md5($_POST['old_password']) == ($old_pass) && ($_POST['new_pass']) == ($_POST['verify_pass'])) {

        $sql="UPDATE CLL_users SET password= '$new_pass' WHERE user_name= '$userCurrent'";

        $result=mysql_query($sql);



        echo "Match";
    } else {
        echo "Not a Match";
    }

}
?>

login_success.php

<?php
require 'functions.php';
require 'DB.php';
session_start();
session_is_registered(myusername);
$userCurrent = $_SESSION['myusername'];
$host="localhost"; // Host name 
$username="user"; // Mysql username 
$password="XXXXXX"; // Mysql password 
$db_name="db"; // Database name 
$tbl_name="CLL_users"; // Table name 
date_default_timezone_set('America/Chicago');
$dateCreated = date('m/d/Y h:i:s a', time());

mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

$sql="UPDATE CLL_users SET last_login= '$dateCreated' WHERE user_name= '$userCurrent'";
$result=mysql_query($sql);

if(!session_is_registered(myusername)){
header("location:main_login.php");
}
?>

    <!DOCTYPE html>
    <html>
        <head>
            <title>user</title>
            <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
            <LINK href="CLL.css" rel="stylesheet" type="text/css">
        </head>
        <body>    


        <form id ="css" action="" method="post">
        <div class="row">

            <label class ="formLabel" for="old_password">Old password:</label>
                <input type="password" name="old_password" id="old_password" />
       <br> <label class ="formLabel" for="new_pass">New Password:</label>
                <input type="password" name="new_pass" id="new_pass" />
       <br> <label class ="formLabel" for="verify_pass">Verify new password:</label>
                <input type="password" name="verify_pass" id="verify_pass" />


                    </div>     
            <input type="submit" />
    </form>

<?php 
    $_POST['old_password'] = $old_pass;
    $_POST['new_pass'] = $new_pass;
    $_POST['verify_pass'] = $verify_pass;
    if ($_SERVER['REQUEST_METHOD'] == 'POST'){
    setPass($userCurrent, $old_pass, $new_pass, $verify_pass);
    }
 ?>

        </body>
    </html>
4

1 回答 1

1

我认为问题在于代码的顺序。您应该尝试将 $userCurrent 作为参数传递,尝试使用此函数:(我还修复了一些语法错误)

function setPass($userCurrent)
{   
    foreach($conn->query("SELECT password FROM CLL_users WHERE user_name= '" . $userCurrent . "'") as $password1) {
        echo $password1['password'];
        $old_pass = ($password1['password']);
    }
    $new_pass = md5($_POST['new_pass']);
    echo "<br>";
    if (md5($_POST['old_password']) == ($old_pass) && ($_POST['new_pass']) == ($_POST['verify_pass'])) {
        $sql="UPDATE CLL_users SET password= '" . $new_pass . "' WHERE user_name= '" . $userCurrent . "'";
        $result=mysql_query($sql);
        echo "Match";
    } else {
        echo "Not a Match";
    }
    echo "<br>";
    echo md5($_POST['old_password']);
    echo "<br>";
    echo ($old_pass);
    echo "<br>";
    echo ($new_pass);
}

顺便说一句,你在这里想什么烧烤,哈哈:

  $_POST['old_password'] = $old_pass;
  $_POST['new_pass'] = $new_pass;
  $_POST['verify_pass'] = $verify_pass;
于 2012-11-03T02:29:08.263 回答