stackoom
  简体   繁体   中英

How to make PHP code check if inserted current password is correct password from MySQL database

 原文  2014-04-10 10:16:26       php/ html

Question

I am making website settings form, where user could change password and email address.

My code is following: 

<meta charset="UTF-8"/>
<?php
include_once 'init/init.funcs.php';

$kehtiv_parool=mysql_real_escape_string($_POST['kehtiv_parool']);
$kehtiv_parool_uuesti=mysql_real_escape_string($_POST['kehtiv_parool_uuesti']);
$uus_parool=mysql_real_escape_string($_POST['uus_parool']);
$kinnita_uus_parool=mysql_real_escape_string($_POST['kinnita_uus_parool']);
$email=mysql_real_escape_string($_POST['email']);
$userid=$_SESSION['user'];
$current_password = mysql_query("SELECT parool FROM kasutajad WHERE kasutaja_id ='$userid'");


if ($kehtiv_parool==$kehtiv_parool_uuesti){
    if ($kehtiv_parool==$current_password){
        if ($uus_parool==$kinnita_uus_parool){
            mysql_query ("UPDATE kasutajad SET parool='$uus_parool' WHERE kasutaja_id='$userid'");
            echo "parool muudetud";
            }

        if (!empty($_POST['email'])){
            mysql_query ("UPDATE kasutajad SET e_mail='$email' WHERE kasutaja_id='$userid' ");
            echo "e-mail muudetud";
    }
    }
    else
        echo "Sisestatud kehtiv parool ei ole korrektne";

}
else
    echo "Sisestatud kehtivad paroolid ei kattu";

?>

When I remove some code it works: 

<meta charset="UTF-8"/>
<?php
include_once 'init/init.funcs.php';

$kehtiv_parool=mysql_real_escape_string($_POST['kehtiv_parool']);
$kehtiv_parool_uuesti=mysql_real_escape_string($_POST['kehtiv_parool_uuesti']);
$uus_parool=mysql_real_escape_string($_POST['uus_parool']);
$kinnita_uus_parool=mysql_real_escape_string($_POST['kinnita_uus_parool']);
$email=mysql_real_escape_string($_POST['email']);
$userid=$_SESSION['user'];
$current_password = mysql_query("SELECT parool FROM kasutajad WHERE kasutaja_id ='$userid'");


if ($kehtiv_parool==$kehtiv_parool_uuesti){
        if ($uus_parool==$kinnita_uus_parool){
            mysql_query ("UPDATE kasutajad SET parool='$uus_parool' WHERE kasutaja_id='$userid'");
            echo "parool muudetud";


        if (!empty($_POST['email'])){
            mysql_query ("UPDATE kasutajad SET e_mail='$email' WHERE kasutaja_id='$userid' ");
            echo "e-mail muudetud";
    }
    }
    else
        echo "Sisestatud kehtiv parool ei ole korrektne";

}
else
    echo "Sisestatud kehtivad paroolid ei kattu";

But now it wont check if inserted old password is correct password of user, how should I write this code to make it work? Variable kehtiv_parool holds value of current password which user inserted in html form and kehtiv_parool_uuesti is confirmation of same thing.

My HTML is following: 

<html>
<head>
<meta charset="UTF-8"/>
<title>Seaded</title>
</head>
<body>
<p>Täida väljad, mida soovid muuta</p>
<form action="seaded.php" method="POST">
<br>Uus parool<input type="password" name="uus_parool"> <br>

<br>Kinnita uus parool <input type="password" name="kinnita_uus_parool">
<br>

<br>e-mail             <input type="text" name="email"><br>
<hr>
<br>Sisesta kehtiv parool <input type="password" name="kehtiv_parool"><br>

<br>Sisesta kehtiv parool uuesti <input type="password" name="kehtiv_parool_uuesti"><br>


<input type="submit" value="Kinnita">

</form>



</body>
</html>

2 answers

solution1
 0  2014-04-10 10:20:28

您可以在登录到数据库的会话中添加加密的pw,然后在每一页上检查加密的pw,然后等到该页面继续操作,否则清除会话并重定向到索引页(例如登录名)页)

solution2
 0 ACCPTED  2014-04-10 10:24:12

You need to call mysql_fetch_assoc to get the row that the query returns. 

$current_password_result = mysql_query("SELECT parool FROM kasutajad WHERE kasutaja_id ='$userid'");
$current_password_row = mysql_fetch_assoc($current_password_result);
$current_password = $current_password_row ? $current_password_row['parool'] : null;

if ($kehtiv_parool==$kehtiv_parool_uuesti){
    if ($kehtiv_parool===$current_password){

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question PHP mySQL check if username and password are in the database How to make mysql and php work together and without show the database password How to verify a password in php which was inserted into the database through manual hashing by mysql query? php current password check and update hash password C# - MySQL Database, Check password is correct when it's encrypted? php old password check from database php check current password error In PHP how to check if hashed password match database password How to get value of password from MySQL database using PHP How to make my PHP files call the password from the database properly?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM