1

我正在尝试整理一个表格,用户可以在其中更新他们的“电子邮件地址”和“密码”。

我正在尝试合并以下场景:

  • 如果用户更改了他们的电子邮件地址,那么我希望现有的“密码”、“密码提示”和盐字段保留其当前值。
  • 如果用户更改密码,我需要创建一个新的“salt”值,添加到密码字段并使用 sha1 加密
  • 最后,如果用户更改了所有字段,则“电子邮件地址”、“密码”、“密码”提示和“盐”字段都需要更新。

这是我试图放在一起的代码:

if (isset($_POST["amendyourdetails"]))  
    {  

$password = $_POST["password"];}
$confirmpassword = $_POST["confirmpassword"];
$passwordhint = $_POST["passwordhint"];
if  ($password >=0){
$salt = uniqid(mt_rand());
$encrypted = sha1($password . $salt);
if ($emailaddress >=0){
$emailaddress = $_POST['emailaddress']; 
            mysql_query("UPDATE `userdetails` SET `emailaddress` = '$emailaddress',`password` = '$encrypted', `passwordhint` = '$passwordhint', `salt` = '$salt' WHERE `userid` = 1");
            $msg = "Your password has been successfully reset.";
            }
            }
            else if ($password == 0 ){
            if (emailaddress > 0){
            mysql_query("UPDATE `userdetails` SET `emailaddress` = '$emailaddress' WHERE `userid` = 1");
            $msg = "Your password has been successfully reset.";
            }
            }
            }
?>
<html> 
<head> 
<title>Amend Your Details</title> 
<style type="text/css">
<!--
.style1 {font-family: Calibri
}
.style9 {   font-family: Calibri;
    font-size: 24px;
    background-color: #78AFC5;
}
.style7 {
    font-family: Calibri;
    font-size: 16px;
    background-color: #FFFFFF;
}   
.style10 {color: #FF0000}
-->
</style>
<script src="gen_validatorv4.js" type="text/javascript"></script>
</head> 
<body>
<div align="center"><span class="style9">Amend Your Details </span></div>
<p class="style7"><span class="style10">
  <?php 
if (isset($msg)) // this is special section for 
// outputing message 
{ 
?>
</span>
<p class="style7">
  <span class="style10">
  <?=$msg?>
  </span>
  <p class="style7"><span class="style10">
  <?php 
} 
?>
  </span>
  <form name="amendyourdetails" id="amendyourdetails" action="amendyourdetails.php" method="post">
  <table width="418" border="1">
    <tr>
      <td width="195"><span class="style1">Email Address:</span></td>
      <td width="220"><span class="style1">
        <input name="emailaddress" type="email" value="<?php echo $emailaddress;?>" size="25"/>
      </span></td>
    </tr>
    <tr>
      <td><span class="style1">New Password:</span></td>
      <td><span class="style1">
        <input name="password" id="password" type="password" size="30"/>
      </span></td>
    </tr>
    <tr>
      <td><span class="style1">Confirm New Password:</span></td>
      <td><span class="style1">
      <input name="confirmpassword" id="confirmpassword" type="password" size="30"/>
      </span></td>
    </tr>
    <tr>
      <td><span class="style1">New Password Hint:</span></td>
      <td><span class="style1">
        <input name="passwordhint" id="passwordhint" type="text" size="30"/>
      </span></td>
    </tr>
  </table>
  <p>
    <input name="amendyourdetails" type="submit" value="Amend Your Details"> 
</p>
</form> 
<script language="JavaScript" type="text/javascript">
var frmvalidator = new Validator("amendyourdetails");
                                frmvalidator.addValidation("emailaddress","email","Please enter a valid email address");
                            //  frmvalidator.addValidation("password","minlen=6", "Minimum length for a password is 6 characters"); 
                                frmvalidator.addValidation("confirmpassword","eqelmnt=password", "The confirmed password is not the same as the password"); 
                            //  frmvalidator.addValidation("passwordhint","req","Please provide a hint for your password"); 
                            </script>
</body>
</html>

我遇到的最大问题是,一旦页面运行,就会发生“更新”操作,但我的“电子邮件地址”和“密码提示”字段中的值已被删除,我不知道为什么。

更新代码

if (isset($_POST["amendyourdetails"])) 
{ 

$emailaddress = $_POST['emailaddress']; 
$password = $_POST["password"];} 
$confirmpassword = $_POST["confirmpassword"]; 
$passwordhint = $_POST["passwordhint"]; 
if ($_POST["password"] isset()
{
$salt = uniqid(mt_rand()); 
$encrypted = sha1($password . $salt);
mysql_query("UPDATE `userdetails` SET `emailaddress` = '$emailaddress',`password` = '$encrypted', `passwordhint` = '$passwordhint', `salt` = '$salt' WHERE `userid` = 1"); 
$msg = "Your password has been successfully reset."; 
} 
}
4

2 回答 2

1

你的意思是 if(strlen($password) >=0){ ?? 还是伊塞特??

不管怎样,试试这个:

$password = $_POST['password'];
$confirmpassword = $_POST['confirmpassword'];
$passwordhint = $_POST['passwordhint'];

if(strlen($password) > 0) {
    $salt = uniqid(mt_rand());

    $encrypted = sha1($password.$salt);
}

$emailaddress = $_POST['emailaddress'];

mysql_query("UPDATE `userdetails` SET `emailaddress` = ".((strlen($emailaddress) > 0) ? "'$emailaddress'" : "emailaddress").", `password` =
        ".((strlen($password) > 0) ? "'$encrypted', `passwordhint` = '$passwordhint', `salt` = '$salt'" : "password")." WHERE `userid` = 1");

但是:从未想过 SQL 注入?

顺便说一句:对不起我的英语不好。

于 2012-01-18T16:12:04.047 回答
0

您正在检测 $password 是否大于或等于 0。如果未定义,这将评估为 true。你想检查 $_POST["password"] isset().

于 2012-01-18T16:05:10.237 回答