![](/img/trans.png)
[英]Future Proofing Changes to Validation of Username/Password Field in ZFCUser
[英]Password field in DB changes to 0
此代碼不會更改已登錄用戶的密碼,而是會更改為0,然后不允許我重新登錄。我知道md5不是最安全的方法,因為它不會成為活動站點僅用於一個項目。 但是,我願意提出有關替代方案的建議。 我在數據庫中有兩個字段,分別稱為password和password2,一旦它們更改了密碼,都需要同時更改它們。 此外,錯誤消息也不會顯示。
<?php
session_start();
if (!isset($_SESSION["user_login"])) {
header("Location: sign_up.php");
} else {
$username = $_SESSION["user_login"];
}
include ("connect.php");
?>
<?php
//Variables
if(isset($_POST['change_pass_submit'])){
$oldpassword = $_POST['oldpassword'];
$newpassword1 = $_POST['newpassword1'];
$newpassword2 = $_POST['newpassword2'];
$pass_query = mysqli_query ($connect, "SELECT * FROM users WHERE email='$username'");
while ($row = mysqli_fetch_assoc($pass_query)) {
$existing_pass = $row ['password'];
//Checking if md5 encrypted password matches
$md5_oldpassword = md5($oldpassword);
//check if the old password and the old password entered now match
if ($md5_oldpassword == $existing_pass){
//check if the two new passwords match
if ($newpassword1 == $newpassword2) {
$md5_newpassword = md5($newpassword1);
$md5_newpassword2 = md5($newpassword2);
//Query to update the password
$password_update_query = mysqli_query($connect, "UPDATE users SET password='$md5_newpassword' AND password2='$md5_newpassword2' WHERE email='$username'");
echo "Your password has now changed!";
}
else{
echo "Your new password and re entered password does not match. Please try again.";
}
}
else {
echo "Your old password does not match. Please try again.";
}
}
}
?>
<div class="container">
<h3> Change your Password: </h3>
<form action="" method="POST" enctype="multipart/form-data">
<div class="form-group">
<label for="oldpassword">Old Password:</label>
<input type="oldpassword" class="form-control" name="oldpassword" placeholder="Enter old password" >
</div>
<div class="form-group">
<label for="newpassword1">New Password:</label>
<input type="newpassword1" class="form-control" name="newpassword1" placeholder="Enter new password" >
</div>
<div class="form-group">
<label for="newpassword2">New Password:</label>
<input type="newpassword2" class="form-control" name="newpassword2" placeholder="Re-Enter new password" >
</div>
<center>
<button type="submit" class="btn btn-primary" name="change_pass_submit" style=" background-color:#337AB7; color:white;">Change Password</button>
</center>
</form>
</div>
您的查詢中有一個錯誤:
"UPDATE users SET password='$md5_newpassword' AND password2='$md5_newpassword2' WHERE email='$username'"
它應該是:
"UPDATE users SET password='$md5_newpassword', password2='$md5_newpassword2' WHERE email='$username'"
但是,查詢中的錯誤不是這里的大問題。 大的問題是您的代碼極其不安全 :
password_hash
和password_verify
而不是md5
( md5
哈希算法很舊。已經發現了幾個問題。對於密碼哈希,問題在於它的設計速度很快 。快速意味着易於破解。快速意味着專用硬件每秒可以進行3500億次猜測 )。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.