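PHP password change script
I am trying to make a script to change an encrypted password in a MySQL table. I think the code is correct, but the script does not change the password. It detects when the old password is wrong and when the new password does not match the confirmation password. When everything checks out, it gives no error and just redirects.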
try
{
    $db = new PDO("mysql:host={$host};dbname={$dbname};charset=utf8", $username, $password, $options);
}
catch(PDOException $ex)
{
    die("Failed to connect to the database: " . $ex->getMessage());
}
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
{
    function undo_magic_quotes_gpc(&$array)
    {
        foreach($array as &$value)
        {
            if(is_array($value))
            {
                undo_magic_quotes_gpc($value);
            }
            else
            {
                $value = stripslashes($value);
            }
        }
    }
    undo_magic_quotes_gpc($_POST);
    undo_magic_quotes_gpc($_GET);
    undo_magic_quotes_gpc($_COOKIE);
}
header('Content-Type: text/html; charset=utf-8');
session_start();
if(!empty($_SESSION['user']))
    unset ($_SESSION['user']);
if(!empty($_POST))
{
    $query = "
        SELECT
            username,
            password,
            salt
        FROM users
        WHERE
            username = :username
    ";
    $query_params = array(
        ':username' => $_POST['username']);
    try
    {
        $stmt = $db->prepare($query);
        $result = $stmt->execute($query_params);
    }
    catch(PDOException $ex)
    {
        die("Failed to run query: " . $ex->getMessage());
    }
    $pass = false;
    $row = $stmt->fetch();
    if($row)
    {
        $check_password = hash('sha256', $_POST['old'] . $row['salt']);
        for($round = 0; $round < 65536; $round++)
        {
            $check_password = hash('sha256', $check_password . $row['salt']);
        }
        if($check_password !== $row['password'])
        {
            die("Incorrect old password!");
        }
        if($_POST['new'] !== $_POST['confirm'])
        {
            die("Password does not match!");
        }
        $pass = true;
    }
    if($pass)
    {
        $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
        $password = hash('sha256', $_POST['new'] . $salt);
        for($round = 0; $round < 65536; $round++)
        {
            $password = hash('sha256', $password . $salt);
        }
        $query1 = " UPDATE users SET password = ':password', salt = ':salt' WHERE username = ':username' ";
        $query_params1 = array(
            ':username' => $_POST['username'],
            ':password' => $password,
            ':salt' => $salt
        );
        try
        {
            $stmt1 = $db->prepare($query1);
            $result1 = $stmt1->execute($query_params1);
        }
        catch(PDOException $e)
        {
            die("Failed to run query: " . $e->getMessage());
        }
        header("Location: index.php");
        die;
    }
    else
    {
        print("Password change failed.");
    }
}
You don't quote bound variables:
$query1 = "UPDATE users SET password = :password, salt = :salt WHERE username = :username";
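The following is an added example, not code from the question or the answer: it flags placeholders that were wrapped in quotes (where the database treats them as string literals) and makes the corrected UPDATE report whether a row actually changed, so a no-op cannot pass as success. The function names `findQuotedPlaceholders` and `updatePassword`, the in-memory SQLite database (requires the pdo_sqlite extension) and its sample row are assumptions made for the demonstration.

```php
<?php
// Added example (not the original poster's code). Table and column names
// follow the question; the SQLite database and its row are constructed.

// Return every named placeholder that sits inside quotes, e.g. ':password'.
// Inside quotes the database sees a string literal, not a parameter.
function findQuotedPlaceholders(string $sql): array
{
    preg_match_all('/([\'"])(:[A-Za-z_][A-Za-z0-9_]*)\1/', $sql, $m);
    return $m[2];
}

// Run the corrected UPDATE and report whether exactly one row was changed.
function updatePassword(PDO $db, string $username, string $hash, string $salt): bool
{
    $sql = 'UPDATE users SET password = :password, salt = :salt WHERE username = :username';
    $stmt = $db->prepare($sql);
    $stmt->execute([':password' => $hash, ':salt' => $salt, ':username' => $username]);
    // On MySQL rowCount() counts only rows whose values changed by default;
    // a new salt and hash make that the normal case for a password change.
    return $stmt->rowCount() === 1;
}

// Constructed test database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, salt TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'oldhash', 'oldsalt')");

// The statement from the question: all three placeholders are quoted.
$broken = "UPDATE users SET password = ':password', salt = ':salt' WHERE username = ':username'";
print_r(findQuotedPlaceholders($broken));

var_dump(updatePassword($db, 'alice', 'newhash', 'newsalt'));   // existing user
var_dump(updatePassword($db, 'nobody', 'newhash', 'newsalt'));  // no such user
```

Calling code can then send the redirect only when `updatePassword()` returns true, instead of redirecting whenever no exception was thrown.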