0

我创建了一个 PHP 脚本,允许我网站上的用户在注册后更改他们的密码,但是当我尝试在网站上打开它时出现错误。我相信这是由于我的语法错误,但我似乎无法发现它。有人可以看看你能找到什么吗?这是脚本:

<?php

session_start();

$user = $_SESSION['username'];

if ($user)
{
//user is logged in

if ($_POST['submit'])
{
//start changing password
//check fields

$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);

//check password against db
include('connection.php');

$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];

//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db

$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE   username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else 
die("Old password doesn't match!");
}
else

echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
 }
 else 
die ("You must be logged in to change your password");
}
 ?>

我得到的错误如下:

注意:未定义索引:在 /var/www/localhost/htdocs/changepassword.php 第 11 行提交 您必须登录才能更改密码。

在此先感谢您的帮助。

4

2 回答 2

1

那么首先你应该注意到 mysql 已被弃用,使用 mysqli 或 PDO 代替更多信息或像 NullPointer 指出的更多好信息 :)

像这样更改代码的结尾以获得您想要失败的正确结果:

 }else 
die ("Nothing came from the $_POST variable");

}else 
die ("You must be logged in to change your password");

您得到的错误可能是因为您的 $_POST 变量未设置,请使用 isset() 检查是否设置了 $_POST。示例:

if (isset($_POST['submit']))
{
//submit post was set 
}else
{
//submit post wasn´t set
}

如果您仍然没有得到任何价值,请检查您的表格。

更新:

要查看实际形式,您必须在代码保持如下形式之前结束 isset:

<?php
session_start();

$user = $_SESSION['username'];

if (isset($_SESSION['username']))
{
//user is logged in

if (isset($_POST['submit']))
{
//start changing password
//check fields

$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);


$repeatnewpassword = md5($_POST['repeatnewpassword']);

//check password against db
include('connection.php');

$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];

//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db

$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE   username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else 
die("New password doesn't match!");

}else 
die("Old password doesn't match!");

}
else
{

echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
 }

 }else 
die ("You must be logged in to change your password");


?>

但是在您登录之前您不会看到它。您的第二个问题是您的 $user 变量似乎没有任何价值。尝试上述代码后,如果它不起作用。把这条线放在后面 

$user = $_SESSION['username'];

echo 'Here it shold show the user: '.$user.'';

如果它不会显示您没有正确传递会话值。

还有一件事,如果您的表单指向同一页面,那就是将您的行更改为该行的样子:

<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8");?>" method='POST'>
于 2013-05-11T14:15:31.967 回答
0

您的输入 html 表单中有一个额外的空间

<input type='submit' name ='submit' value='submit'>

将其更改为

<input type='submit' name='submit' value='submit'>

您还应该确保

   if (isset($_POST['submit']))
于 2013-05-11T14:02:39.690 回答