[英]Change password using php
我正在嘗試在小型登錄應用程序上使用php更改密碼。 當我提交表單時,它可以正確無誤地進入登錄頁面,但是密碼沒有更改。 我沒有在代碼中看到任何錯誤。 不知道這是查詢錯誤還是變量綁定錯誤。 有任何想法嗎?
<?php
// Initialize variables
$password = $confirm_password = "";
$password_err = $confirm_password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Validate password
if(empty(trim($_POST['password']))){
$password_err = "Please enter a password.";
} elseif(strlen(trim($_POST['password'])) < 6){
$password_err = "Password must have at least 6 characters.";
} elseif(!preg_match("#[0-9]+#", trim($_POST['password']))){
$password_err = "Password must have at least 1 number.";
} elseif(!preg_match("#[a-z]+#", trim($_POST['password']))){
$password_err = "Password must have at least 1 lowercase character.";
} elseif(!preg_match("#[A-Z]+#", trim($_POST['password']))){
$password_err = "Password must have at least 1 uppercase character.";
} else{
$password = trim($_POST['password']);
}
// Validate password_confirm
if(empty(trim($_POST["confirm_password"]))){
$confirm_password_err = 'Please confirm password.';
} else{
$confirm_password = trim($_POST['confirm_password']);
if($password != $confirm_password){
$confirm_password_err = 'Password did not match.';
}
}
if(empty($password_err) && empty($confirm_password_err)) {
// Prepare an update statement
$sql = "UPDATE users SET password = ? WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ss", $param_password, $param_username);
// Set parameters
$param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
$param_username = $username;
if(mysqli_stmt_execute($stmt)){
} else {
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
// Close connection
mysqli_close($link);
// Redirect to logout
header("location: logout.php");
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Change Password</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
body{ font: 14px sans-serif; }
.wrapper{ width: 350px; padding: 20px; }
</style>
</head>
<body>
<div class="wrapper">
<h2>Change Password</h2>
<p>Please fill this form to change password.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post" autocomplete="off">
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>New Password:<sup>*</sup></label>
<input type="password" name="password" class="form-control" value="<?php echo $password; ?>">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($confirm_password_err)) ? 'has-error' : ''; ?>">
<label>Confirm Password:<sup>*</sup></label>
<input type="password" name="confirm_password" class="form-control" value="<?php echo $confirm_password; ?>">
<span class="help-block"><?php echo $confirm_password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
<input type="reset" class="btn btn-default" value="Reset">
</div>
</form>
</div>
</body>
</html>
這是我的login.php:
<?php
// Include config file
require_once 'config.php';
// Define variables and initialize with empty values
$username = $password = "";
$username_err = $password_err = "";
// Processing form data when form is submitted
if($_SERVER["REQUEST_METHOD"] == "POST"){
// Check if username is empty
if(empty(trim($_POST["username"]))){
$username_err = 'Please enter username.';
} else{
$username = trim($_POST["username"]);
}
// Check if password is empty
if(empty(trim($_POST['password']))){
$password_err = 'Please enter your password.';
} else{
$password = trim($_POST['password']);
}
// Validate credentials
if(empty($username_err) && empty($password_err)){
// Prepare a select statement
$sql = "SELECT username, password FROM users WHERE username = ?";
if($stmt = mysqli_prepare($link, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "s", $param_username);
// Set parameters
$param_username = $username;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Store result
mysqli_stmt_store_result($stmt);
// Check if username exists, if yes then verify password
if(mysqli_stmt_num_rows($stmt) == 1){
// Bind result variables
mysqli_stmt_bind_result($stmt, $username, $hashed_password);
if(mysqli_stmt_fetch($stmt)){
if(password_verify($password, $hashed_password)){
/* Password is correct, so start a new session and
save the username to the session */
if($stmt = mysqli_prepare($link)){
mysqli_stmt_bind_param($stmt, "ss", $param_username);
$param_username = $username;
if(mysqli_stmt_execute($stmt)){
} else {
echo "Oops! Something went wrong. Please try again later.";
}
}
session_start();
$_SESSION['username'] = $username;
header("location: welcome.php");
} else{
// Display an error message if password is not valid
$password_err = 'You have entered an invalid username or password.';
}
}
} else{
// Display an error message if username doesn't exist
$username_err = 'You have entered an invalid username or password.';
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
}
// Close connection
mysqli_close($link);
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Login</title>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.css">
<style type="text/css">
body{ font: 14px sans-serif; }
.wrapper{ width: 350px; padding: 20px; }
</style>
</head>
<body>
<div class="wrapper">
<h2>Login</h2>
<p>Please fill in your credentials to login.</p>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]); ?>" method="post" autocomplete="off">
<div class="form-group <?php echo (!empty($username_err)) ? 'has-error' : ''; ?>">
<label>Username:<sup>*</sup></label>
<input type="text" name="username"class="form-control" value="<?php echo $username; ?>">
<span class="help-block"><?php echo $username_err; ?></span>
</div>
<div class="form-group <?php echo (!empty($password_err)) ? 'has-error' : ''; ?>">
<label>Password:<sup>*</sup></label>
<input type="password" name="password" class="form-control">
<span class="help-block"><?php echo $password_err; ?></span>
</div>
<div class="form-group">
<input type="submit" class="btn btn-primary" value="Submit">
</div>
<p>Don't have an account? <a href="register.php">Sign up now</a>.</p>
</form>
</div>
</body>
</html>
從來沒有聲明$username
變量,所以...我不知道您從哪里獲取用戶名,但是無論在哪里,都應該使用它。
我看到您希望將用戶名用作更新和其他所有操作的主鍵。 那很酷,不是我個人的做法,但這很好。 由於到目前為止我無法在您的代碼中看到要更新的用戶名,因此我猜您正在使用$_SESSION
或$_COOKIE
。
無論哪種情況,您都應該利用這些信息來設置SQL查詢的變量。 否則它將完全為空,因此SQL查詢實際上將如下所示:
UPDATE `users` SET `password` = '$2y&scfncekr3kj437hdw8e7' WHERE `username` = ''
那根本不會做任何事情。
綁定參數之前,應先設置參數(變量)。
// Set parameters (variables)
$param_password = password_hash($password, PASSWORD_DEFAULT); // Creates a password hash
$param_username = $username; // this should be empty so far... maybe $_SESSION['username'] ??
// Bind parameters to the prepared statement
mysqli_stmt_bind_param($stmt, "ss", $param_password, $param_username);
我並不是說順序是有問題的,因為從未設置$username
的事實是事實,但這更容易閱讀。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.