堆栈内存溢出
  简体   繁体   English

如何使PHP代码检查插入的当前密码是否是MySQL数据库中的正确密码

[英]How to make PHP code check if inserted current password is correct password from MySQL database

 原文  2014-04-10 10:16:26       php/ html

问题描述

I am making website settings form, where user could change password and email address. 我正在制作网站设置表格,用户可以在其中更改密码和电子邮件地址。

My code is following: 我的代码如下: 

<meta charset="UTF-8"/>
<?php
include_once 'init/init.funcs.php';

$kehtiv_parool=mysql_real_escape_string($_POST['kehtiv_parool']);
$kehtiv_parool_uuesti=mysql_real_escape_string($_POST['kehtiv_parool_uuesti']);
$uus_parool=mysql_real_escape_string($_POST['uus_parool']);
$kinnita_uus_parool=mysql_real_escape_string($_POST['kinnita_uus_parool']);
$email=mysql_real_escape_string($_POST['email']);
$userid=$_SESSION['user'];
$current_password = mysql_query("SELECT parool FROM kasutajad WHERE kasutaja_id ='$userid'");


if ($kehtiv_parool==$kehtiv_parool_uuesti){
    if ($kehtiv_parool==$current_password){
        if ($uus_parool==$kinnita_uus_parool){
            mysql_query ("UPDATE kasutajad SET parool='$uus_parool' WHERE kasutaja_id='$userid'");
            echo "parool muudetud";
            }

        if (!empty($_POST['email'])){
            mysql_query ("UPDATE kasutajad SET e_mail='$email' WHERE kasutaja_id='$userid' ");
            echo "e-mail muudetud";
    }
    }
    else
        echo "Sisestatud kehtiv parool ei ole korrektne";

}
else
    echo "Sisestatud kehtivad paroolid ei kattu";

?>

When I remove some code it works: 当我删除一些代码时,它可以工作: 

<meta charset="UTF-8"/>
<?php
include_once 'init/init.funcs.php';

$kehtiv_parool=mysql_real_escape_string($_POST['kehtiv_parool']);
$kehtiv_parool_uuesti=mysql_real_escape_string($_POST['kehtiv_parool_uuesti']);
$uus_parool=mysql_real_escape_string($_POST['uus_parool']);
$kinnita_uus_parool=mysql_real_escape_string($_POST['kinnita_uus_parool']);
$email=mysql_real_escape_string($_POST['email']);
$userid=$_SESSION['user'];
$current_password = mysql_query("SELECT parool FROM kasutajad WHERE kasutaja_id ='$userid'");


if ($kehtiv_parool==$kehtiv_parool_uuesti){
        if ($uus_parool==$kinnita_uus_parool){
            mysql_query ("UPDATE kasutajad SET parool='$uus_parool' WHERE kasutaja_id='$userid'");
            echo "parool muudetud";


        if (!empty($_POST['email'])){
            mysql_query ("UPDATE kasutajad SET e_mail='$email' WHERE kasutaja_id='$userid' ");
            echo "e-mail muudetud";
    }
    }
    else
        echo "Sisestatud kehtiv parool ei ole korrektne";

}
else
    echo "Sisestatud kehtivad paroolid ei kattu";

But now it wont check if inserted old password is correct password of user, how should I write this code to make it work? 但是现在它不会检查插入的旧密码是否是用户的正确密码,如何编写此代码才能使其正常工作? Variable kehtiv_parool holds value of current password which user inserted in html form and kehtiv_parool_uuesti is confirmation of same thing. 变量kehtiv_parool保持用户以html格式插入的当前密码的值,而kehtiv_parool_uuesti是同一件事的确认。

My HTML is following: 我的HTML如下: 

<html>
<head>
<meta charset="UTF-8"/>
<title>Seaded</title>
</head>
<body>
<p>Täida väljad, mida soovid muuta</p>
<form action="seaded.php" method="POST">
<br>Uus parool<input type="password" name="uus_parool"> <br>

<br>Kinnita uus parool <input type="password" name="kinnita_uus_parool">
<br>

<br>e-mail             <input type="text" name="email"><br>
<hr>
<br>Sisesta kehtiv parool <input type="password" name="kehtiv_parool"><br>

<br>Sisesta kehtiv parool uuesti <input type="password" name="kehtiv_parool_uuesti"><br>


<input type="submit" value="Kinnita">

</form>



</body>
</html>

2 个解决方案

解决方案1
 0  2014-04-10 10:20:28

您可以在登录到数据库的会话中添加加密的pw,然后在每一页上检查加密的pw,然后等到该页面继续操作,否则清除会话并重定向到索引页(例如登录名)页)

解决方案2
 0 已采纳  2014-04-10 10:24:12

You need to call mysql_fetch_assoc to get the row that the query returns. 您需要调用mysql_fetch_assoc以获取查询返回的行。 

$current_password_result = mysql_query("SELECT parool FROM kasutajad WHERE kasutaja_id ='$userid'");
$current_password_row = mysql_fetch_assoc($current_password_result);
$current_password = $current_password_row ? $current_password_row['parool'] : null;

if ($kehtiv_parool==$kehtiv_parool_uuesti){
    if ($kehtiv_parool===$current_password){

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 PHP mySQL检查用户名和密码是否在数据库中 - PHP mySQL check if username and password are in the database 如何让mysql和php一起工作而不显示数据库密码 - How to make mysql and php work together and without show the database password 如何验证php中的密码是通过mysql查询手动散列插入到数据库中的? - How to verify a password in php which was inserted into the database through manual hashing by mysql query? PHP当前密码检查和更新哈希密码 - php current password check and update hash password C#-MySQL数据库,加密后检查密码是否正确? - C# - MySQL Database, Check password is correct when it's encrypted? PHP的旧密码从数据库检查 - php old password check from database PHP检查当前密码错误 - php check current password error 在PHP中如何检查哈希密码是否与数据库密码匹配 - In PHP how to check if hashed password match database password 如何使用PHP从MySQL数据库获取密码值 - How to get value of password from MySQL database using PHP 如何让我的PHP文件正确地从数据库中调用密码? - How to make my PHP files call the password from the database properly?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM