0

我试图实现一个在数据库中更改密码的表单,但是,当我在表单上提交详细信息时,它只是将我定向到目标页面......但显示出来并且浏览器上的纯文本代码...... .为什么要这样做!

表格:

    <h1 align="center">Change Password</h1>

            <form method="POST" action="reset_pwd.php">
                <table class='altrowstable' id='alternatecolor' >
                    <tr>
                        <td align="right">Username: </td>
                        <td><input type="TEXT" name="username" value=""/></td>
                    </tr>
                    <tr>
                        <td align="right">Current Password: </td>
                        <td><input type="password" name="password" value=""/></td>
                    </tr>
                    <tr>
                        <td align="right">New Password: </td>
                        <td><input type="password" name="npassword" value=""/></td>
                    </tr>
                    <tr>
                        <td align="right">Repeat New Password: </td>
                        <td><input type="password" name="rpassword" value=""/></td>
                    </tr>
                    <tr><td align="center">
                        <a href="forgot_password.php">Forgot password</a>
                        </td>
                   <td>
                        <input type="submit" name="submit" value="Change Password"/>
                        </td>
                    </tr>
                </table>

            </form>
        <br>
 <?php echo $msg; ?>

和目标php页面:

<?php
include('dbconfig.php');


$msg = "";


if (mysql_real_escape_string($_POST['submit'])):


    $username = mysql_real_escape_string($_POST['username']);
    $password = mysql_real_escape_string(md5($_POST['password']));
    $npassword = mysql_real_escape_string(md5($_POST['npassword']));
    $rpassword = mysql_real_escape_string(md5($_POST['rpassword']));





    $sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
    $query = mysql_query($sql);
    $numrows = mysql_num_rows($query);


    while ($rows = mysql_fetch_array($query)):

        $dbusername = $rows['username'];
        $dbpassword = $rows['password'];
        $dbfirstname = $rows ['firstname'];
        $dblastname = $rows ['lastname'];

    endwhile;


    if (empty($username) || empty($password) || empty($npassword) || 
    empty($rpassword)):

        $msg = "All fields are required";

    elseif ($numrows == 0):

        $msg = "This username does not exist";

    elseif ($password != $dbpassword):

        $msg = "The CURRENT password you entered is incorrect.";

    elseif ($npassword != $rpassword):

        $msg = "Your new passwords do not match";

    elseif ($npassword == $password):

        $msg = "Your new password cannot match your old password";

    else:


        mysql_query("UPDATE user_info SET password = '$npassword' WHERE user_id = 
         '$username'");

        $to = $email;

        $subject = "YOUR PASSWORD HAS BEEN CHANGED";

        $message = "<p>Hello $dbfirstname $dblastname. You've received this E-Mail
        because you have requested a PASSWORD CHANGE. ";

        $from = "myemail@.com";

        $headers = "From: $from";


        mail($to,$subject,$message,$headers);

        endif;
  endif;

 ?>
4

4 回答 4

0

目标 php 中的第一个 $msg 仅用于目标 php,不会将值返回到表单

其次,您可能会寻找 if (isset($_POST['submit'])): 而不是 if (mysql_real_escape_string($_POST['submit'])):

于 2013-03-20T11:51:24.307 回答
0

请检查...“user_info”表中“user_id”的类型是什么...以及您在表单中的用户名字段中获得了什么。

我在问这个查询......

$sql = "SELECT * FROM user_info WHERE user_id = '$username' ";
于 2013-03-20T11:49:28.030 回答
0

没有来自目标页面的 html 响应将显示在浏览器中。为了显示内容,您需要形成正确的 html 以便它可以在浏览器中显示。

在目标页面的末尾添加以下 html 代码,以便显示消息(验证或成功)。

<html><body>put your message here</body></htm>
于 2013-03-20T11:45:13.693 回答
0

您可能忘记了包含文件“dbconfig.php”末尾的额外?>,从而将目标 php 页面视为 html。

于 2013-03-20T11:53:58.020 回答