php - 更新数据库中的密码

Question

第一件事。我知道 bcrypt 是一个更好的选择，而且我确实有一个具有 bcrypt 的代码版本，它只是 godaddy 不支持 bcrypt。所以我现在必须坚持这个版本。

所以我试图有一个更新/更改用户密码的表单。当然不是更新。

代码分为以下形式：

<?php
            if(empty($_POST) === false) {

                if(empty($_POST['current_password']) || empty($_POST['password']) || empty($_POST['password_again'])){

                    $errors[] = 'All fields are required';

                }else if($bcrypt->verify($_POST['current_password'], $user['password']) === true) {

                    if (trim($_POST['password']) != trim($_POST['password_again'])) {
                        $errors[] = 'Your new passwords do not match';
                    } else if (strlen($_POST['password']) < 6) { 
                        $errors[] = 'Your password must be at least 6 characters';
                    } else if (strlen($_POST['password']) >18){
                        $errors[] = 'Your password cannot be more than 18 characters long';
                    } 

                } else {
                    $errors[] = 'Your current password is incorrect';
                }
            }

            if (isset($_GET['success']) === true && empty ($_GET['success']) === true ) {
                echo '<p>Your password has been changed!</p>';
            } else {?>
            <h1>Change Password</h1>
            <fieldset>
            <legend>Log In</legend>
                <?php
                if (empty($_POST) === false && empty($errors) === true) {
                    $users->change_password($user['id'], $_POST['password']);
                    header('Location: change-password.php?success');
                } else if (empty ($errors) === false) {

                    echo '<p>' . implode('</p><p>', $errors) . '</p>';  

                }
                ?>
                <form action="" method="post">
                   <table border="0">
                   <tr>
                   <td width="200">
                   Current password:
                   </td>
                   <td>
                   <input type="password" name="current_password">
                   </td>
                   </tr>
                   <tr>
                   <td>
                   New password:
                   </td>
                   <td>
                   <input type="password" name="password">
                   </td>
                   </tr>
                   <tr>
                   <td>
                   New password again:
                   </td>
                   <td>
                   <input type="password" name="password_again">
                   </tr>
                   </table>
                   <br>
                   <input type="submit" value="Change password">

                </form>
            <?php 
            }
            ?> 
            </fieldset>

和php代码：

public function change_password($user_id, $password) {

        //global $bcrypt;

        /* Two create a Hash you do */
        $timeNew        = time();
        $email_codeNew = hash("sha256", $username + microtime());
        $password_hash = hash("sha256", $password);

        $query = $this->db->prepare("UPDATE `users` SET `password` = ?, `email_code` = ?, `time` = ? WHERE `id` = ?");

        $query->bindValue(1, $password_hash);
        $query->bindValue(2, $email_codeNew);
        $query->bindValue(3, $timeNew);
        $query->bindValue(4, $user_id);             

        try{
            $query->execute();
            return true;
        } catch(PDOException $e){
            die($e->getMessage());
        }

    }

Answer 1

我已经模拟了一个执行此操作的 php 页面 - 它也已经过测试并且可以工作，我想这可能是因为您在函数中使用 === alot 的方式，我不确定这些函数的返回为他们不在这里，但希望如果您运行以下代码，您可以添加和调整您拥有的代码

编辑用于测试当前密码始终只是密码，更改密码功能将始终通过。

<?php

/**
 * @author - Sephedo
 * @for - patgarci @ Stackoverflow
 * @question - http://stackoverflow.com/questions/18728434/updating-the-password-in-the-database
 */

function verifyPassword( $password )
{
    return ( $password == 'password' )? true : false;
}

function changePassword( $password )
{
    return true;
}

if(! empty( $_POST ) )
{
    // check if all of the fields exists and are not empty
    if( empty( $_POST['current_password'] ) or empty( $_POST['password_new'] ) or empty( $_POST['password_again'] ) )
    {
        $errors[] = "All fields are required";
    }
    elseif( verifyPassword( $_POST['current_password'] ) ) // check if the password is valid.
    {
        $_POST['password_new'] = trim( $_POST['password_new'] );
        $_POST['password_again'] = trim( $_POST['password_again'] );

        // check for matching password
        if( $_POST['password_new'] != $_POST['password_again'] ) $errors[] = "Your passwords do not match";

        // check for min limit
        if( strlen( $_POST['password_new'] ) < 6 ) $errors[] = "Your new password needs to be at least 6 characters";

        // check for min limit
        if( strlen( $_POST['password_new'] ) > 18 ) $errors[] = "Your new password needs to be at less than 18 characters";

        // Make sure no errors have occured and change password returns true
        if(! isset( $errors ) and ! changePassword( $_POST['password_new'] ) )
        {
            $errors[] = "An unknown error has occured, please try again";
        }
    }
    else
    {
        $errors[] = "Your current password is invalid";
    }

    // DISPLAY ERRORS
    if(! isset( $errors ) )
    {
        echo "<span>Your password has been changed!</span>";
    }
    else
    {
        foreach( (array) $errors as $error )
        {
            echo "<span>$error</span><br />";
        }
    }   
}

?>

<form method="POST" >
<fieldset>
<legend>Change Password</legend>
<label for="current_password">Current Password</label> <input type="password" name="current_password" />
<label for="password_new">New Password</label> <input type="password" name="password_new" />
<label for="password_again">Current Password</label> <input type="password" name="password_again" />
<input type="submit" value="Save Changes" />
</fieldset>
</form>