[英]I'm trying to make a change password page for my website. What am I doing wrong?
I have a page on my website that allows the users to change their passwords 我的网站上有一个页面,允许用户更改密码
The form asks for username, current password, new password, confirm new password. 表格要求输入用户名,当前密码,新密码,然后确认新密码。
If a user enters the incorrect username, the form won't change their password. 如果用户输入了错误的用户名,则表单不会更改其密码。
But if a user enters the wrong password, the form changes their password anyway. 但是,如果用户输入了错误的密码,则表单仍然会更改其密码。
My code is pasted below, if anyone can help, I would be grealt appreciative! 我的代码粘贴在下面,如果有人可以提供帮助,我将不胜感激! Thanks! 谢谢!
Joost Joost的
Changepassword information screen: 更改密码信息屏幕:
<div id="inlogscherm">
<form name="form1" method="post" action="changepw.php">
<div class="textm">Change password</div><br>
<div class="text">Username:</div><div class="invulbalkje"><? echo "{$_SESSION['myusername']}"; ?></div><br />
<input name="username" type="hidden" id="username" value="<? echo "{$_SESSION['myusername']}"; ?>">
<div class="text">Password:</div><input name="npassword" type="password" id="npassword" class="invulbalkje"><br />
<div class="text">New Password:</div><input name="newpassword" type="password" id="newpassword" class="invulbalkje"><br />
<div class="text">Repeat New Password:</div><input name="repeatnewpassword" type="password" id="repeatnewpassword" class="invulbalkje"><br />
<input type="submit" name="Submit" value="Change" class="button">
</form>
</div>
here is the php for the change.(changepw.php) 这是更改的php。(changepw.php)
<?php
session_start();
$host="localhost";
$username=",";
$password=",";
$db_name=",";
$tbl_name=",";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$username = $_POST['username'];
$password = $_POST['password'];
$newpassword = $_POST['newpassword'];
$repeatnewpassword = $_POST['repeatnewpassword'];
$encrypted_password=md5($password);
$encrypted_newpassword=md5($newpassword);
$result = mysql_query("SELECT password FROM $tbl_name WHERE username='$username' and password = '$encrypted_password'");
if(!$result)
{
header("location:error1.php");
}
if(mysql_num_rows($result)){
if($newpassword==$repeatnewpassword){
$sql=mysql_query("UPDATE $tbl_name SET password='$encrypted_newpassword' where username='$username'");
if($sql)
{
header("location:success.php");
}
else
{
header("location:error3.php");
}
} else {
header("location:error_password_not_matched.php");
}
} else {
header("location:error.php");
}
?>
If you see the problem please contact me. 如果您发现问题,请与我联系。 I will be very thankful for that! 为此我将非常感谢!
Here is one error, As I have found. 正如我所发现的,这是一个错误。
That is it, In the form, You are using the npassword
name for the password field and at the time of getting it by $password = $_POST['password'];
就是这样,在表单中,您将npassword
名称用于密码字段,并且在通过$password = $_POST['password'];
name password as you can see here. 如您在此处看到的那样,输入密码。
So simply change this code: 因此,只需更改以下代码:
$password = $_POST['password'];
With 同
$password = $_POST['npassword'];
And this will work. 这将起作用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.