[英]change password form using MD5?
I have the php code for changing user password.我有用于更改用户密码的 php 代码。 but after I tried the code... when submitting the new password.. the new password became revealed in the sql database... I want it to be in md5 code password.但是在我尝试了代码之后……提交新密码时……新密码在 sql 数据库中显示出来……我希望它是 md5 密码。 can you please fix the problem with my code你能用我的代码解决问题吗
if($_REQUEST['do'] == 'edit')
{
$title = 'change password';
$page = $_POST['page'];
$userId = safe($_POST['userId']);
$passwd = safe($_POST['password']);
$email = safe($_POST['Email']);
$passw2 = $_POST['password2'];
if(md5($passwd) == $_SESSION['user']['password'])
{
if(empty($passw2))
{
$pass = $_SESSION['user']['password'];
}
else
{
$pass = $passw2;
}
$query = $db->query("UPDATE users SET email = '".$email."' , password = '".$pass."' WHERE Id = '".$userId."' ");
if($query)
{
$msg = "password changed successfully";
}
Replace代替
$pass = $passw2;
with和
$pass = hash('md5', $passw2);
The $_SESSION['user']['password'] is (is suppoused) encoded as MD5 but the passw2 fetched from the user form is plain. $_SESSION['user']['password'] 被(假定)编码为 MD5,但从用户表单中获取的 passw2 是普通的。
you need to change你需要改变
$pass = $passw2;
by经过
$pass = md5($passw2);
to enconde as md5 the password before submit it to the database.在将密码提交到数据库之前将其编码为 md5。 And also change the $_SESSION['user']['password'] with the new password or the user can change only one time the password in the same session.并且还用新密码更改 $_SESSION['user']['password'] 或者用户只能在同一个 session 中更改一次密码。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.