php - 更改mysql表中的密码？

Question

嗨，我的更改密码脚本有问题。我试图允许用户在 mysql 表 'ptb_users.password' 中更改他们的密码，假设将其存储为 md5。

当我在我的表单中点击提交时，我假设它转到 changepassword.php 但页面只是空白，没有回显，我没有收到任何错误。

有人可以告诉我我哪里出了问题，谢谢

这是我的表格：

<?php 
// CONNECT TO THE DATABASE
    require('includes/_config/connection.php');
// LOAD FUNCTIONS
    require('includes/functions.php');
// GET IP ADDRESS
    $ip_address = $_SERVER['REMOTE_ADDR'];  
?>

  <?php require_once("includes/sessionframe.php"); 
  require('includes/checks.php');
?>


<?php

if (isset ($_GET['to'])) {
$user_to_id = $_GET['to'];

}

?> 

<?php 
//We check if the form has been sent
if(isset($_POST['subject'], $_POST['message_content']))
{
    $subject = $_POST['subject'];
    $content = $_POST['message_content'];
        //We remove slashes depending on the configuration
        if(get_magic_quotes_gpc())
        {
                $subject = stripslashes($subject);
                $content = stripslashes($content);
        }
        //We check if all the fields are filled
        if($_POST['subject']!='' and $_POST['message_content']!='')
        {
            $sql = "INSERT INTO ptb_messages (id, from_user_id, to_user_id, subject, content) VALUES (NULL, '".$_SESSION['user_id']."', '".$user_to_id."', '".$subject."', '".$content."');";
            mysql_query($sql, $connection);

            echo "<div class=\"infobox2\">The message has successfully been sent.</div>";
        }
}


if(!isset($_POST['subject'], $_POST['message_content']))

if (empty($_POST['subject'])){
        $errors[] = 'The subject cannot be empty.';

    if (empty($_POST['body'])){
        $errors[] = 'The body cannot be empty.';

    }
    }

{
?>


<form method="post" action="includes/changepassword.php" name="form1" id="form1">
<input type="password" name="oldpassword" id="password" class="subject" placeholder="Old Password">

<input type="password" name="oldpassword" id="password" class="message" placeholder="Old Password">

<input type="password" name="newpassword" id="newpassword" class="message" placeholder="New Password">

<input type="image" src="assets/img/icons/loginarrow1.png" name="submit" id="submit" class="submit">
</form>

这是我的mysql函数：

<?php
require_once("session.php"); 
require_once("functions.php");
require('_config/connection.php');
?>
<?php 

session_start();

include '_config/connection.php'; 

$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$confirmnewpassword = $_POST['confirmnewpassword'];

$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']."");





if(!$result) 
{ 
echo "The username you entered does not exist"; 
} 
else 
if($password!= mysql_result($result, 0)) 
{ 
echo ""; 
} 
if($newpassword=$confirmnewpassword) 
{
    $newpassword=md5($newpassword);
    $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id'].""); 
}
    if($sql) 
    { 
    echo "Thank You. Your Password has been successfully changed."; 
    }
else
{ 
echo "The new password and confirm new password fields must be the same"; 
}  
?>

Answer 1

if(isset($_POST['submit']))
{

   $email = $_POST['email'];
   echo $newpassword = ($_POST['password1']);
   echo $confirmpasssword = ($_POST['password2']);

        if($newpassword=$confirmpassword) 
        {
            echo $newpassword = md5($newpassword);
            echo $result = mysql_query("UPDATE users SET password='$newpassword' WHERE email='$email' "); 
        }
                if($result) 
                { 
                echo "Thank You. Your Password has been successfully changed."; 
                }
            else
            { 
            echo "The new password and confirm password fields must be the same"; 
            }  
}

can anyone tell me is this correct coding, to change password and store in mysqldb. 

Answer 2

这有很多问题。

让我们先了解一下基础知识：

1. 不要使用 mysql_ 函数。尽可能切换到 PDO 或 mysqli。

2. md5 正在消亡。看到这个答案 - 可以理解，你可能在 md5 中根深蒂固，如果不纠缠每个用户更新他们的密码，你就无法离开。

那么你的问题是这样的：

if($password!= mysql_result($result, 0))

您没有与 md5 存储的哈希进行比较。它应该是这样的：

if(md5($password) != mysql_result($result, 0)) 

和这个：

if($newpassword=$confirmnewpassword) 

只是重新分配一个变量。我想你想要

if($newpassword == $confirmnewpassword) 

至于输出，您可能需要考虑您在此处使用的 if/else 结构。这可以显着清理，所有这些看起来都过时了。也许只是一个意见。

如果您有具体的事情要磨练，请告诉我，我可能会更新。

编辑

这整个块应该被清理。这样的事情可能会有所帮助：

if(!$result) 
{ 
    echo "The username you entered does not exist"; 
} 
else
{
    if(md5($password) != mysql_result($result, 0)) 
    { 
        echo "Current PW does not match what we have"; 
    }
    else
    {
        if($newpassword == $confirmnewpassword) 
        {
            $newpassword=md5($newpassword);
            $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id']."") or die(mysql_error());

            if($sql) 
            { 
              echo "Thank You. Your Password has been successfully changed."; 
            } 
        }
        else
        { 
            echo "The new password and confirm new password fields must be the same"; 
        }
    } 
}

Answer 3

首先你没有正确检查旧密码（md5 存储，明文比较......不起作用）其次你没有设置任何确认密码，所以这也不起作用

什么会起作用：

$password = md5($_POST['password']);
$newpassword = md5($_POST['newpassword']);

$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']." AND password = '".$password."'");
if(!$result) 
{ 
echo "The username you entered does not exist or old password didn't match"; 
} 
else
{
     $sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id'].""); 
}
if($sql) 
{ 
    echo "Thank You. Your Password has been successfully changed."; 
}