Question

出于某种原因,这个代码不是在用数据库检查当前密码,而是正确地更改密码。它也可以连接到我的数据库。它也可以检查新密码是否与确认新密码相同。这是运行中的php, 这可能会有什么问题 :

<?php if(!defined( INCLUDE_CHECK )) header("Location: index.php"); ?>

<?php

/* irrelevant parts omitted */

if($_POST[ submit ]== Change Password )
{
    // Checking whether the Change Password form has been submitted

    $err = array();
    // Will hold our errors


    if(!$_POST[ password ] || !$_POST[ newpassword ] || !$_POST[ confirmpassword ])
        $err[] =  All the fields must be filled in! ;

    if(!count($err))
    {

        if($_POST[ password ] != /* something should be here but i don t know what */)
            $err[] =  Current password is incorrect! ;

        if($_POST[ newpassword ] != $_POST[ confirmpassword ])
            $err[] =  New passwords do not match! ;

        if(!count($err))
        {           

            $pass = $_POST[ confirmpassword ];

            mysql_query(
                            "UPDATE members 
                            SET pass= ".md5($pass)."  
                            WHERE id= {$_SESSION[ id ]} "
                        );

            $_SESSION[ msg ][ change-password-success ]= Success your password has been changed! ;

        }       
    }

    if($err)
    $_SESSION[ msg ][ change-password-err ] = implode( <br /> ,$err);
    // Save the error messages in the session

    header("Location: change-password.php");
    exit;
}
?>

Answer 1

就我所看到的,你的脚本里没有任何地方你给数据库打电话来查查现有的记录...

$query = mysql_query("SELECT * FROM members WHERE id= {$_SESSION[ id ]} ");
$data = mysql_fetch_assoc($query);
if($data[ pass ] == md5($_POST[ confirmpassword ])){
echo "Old and new password matches";
}

Answer 2

出于某种原因,这个代码不是用数据库检查当前密码,而是正确更改密码。

...这是你的密码吗?

if($_POST[ password ] != /* something should be here but i don t know what */)

因为有原因它不检查密码...

此外:

它还能够连接到我的数据库,检查新密码是否与确认新密码相同。

不,它只是根据用户输入的另一个字段检查密码,没有根据数据库检查任何信息:

if($_POST[ newpassword ] != $_POST[ confirmpassword ])
        $err[] =  New passwords do not match! ;

友情链接