我创建了一个页面,允许用户更改密码和电子邮件。所有这些都有效,但由于某种原因,当我只想更改我的电子邮件时,我也得到了该字段当前密码不正确.
电子邮件本身在数据库中发生了变化,但这显示了出来,我显然已经验证了它的显示,但我不确定如何编写一个新查询,如果仅更改电子邮件,该查询将忽略以前的查询。
My code:
<title>Honda |</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
<link href='http://fonts.googleapis.com/css?family=Julius+Sans+One' rel='stylesheet' type='text/css'>
<link href="../css/style.css" rel="stylesheet" type="text/css" media="all" />
<?php
session_start();
$username = $_SESSION['sess_user'];
echo '<div class="search1"><h2>'.$username.'</h2><div class="search12"><h2><a href="index2.php">Home</a></h2></p></div></div>';
if (isset($_SESSION['sess_user']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$email = $_POST['email'];
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('../includes/config.php');
$queryget = mysql_query("SELECT password FROM login WHERE username='$username'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
if (isset($_POST['repeatnewpassword']) AND isset($_POST['newpassword']) AND $_POST['newpassword'] != '') {
if ($newpassword==$repeatnewpassword)
{
$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username'");
echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
}
else {echo "<div class='results'>new password(s) dont match</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";}
}
}
else {echo "<div class='results'>current password doesnt match</div><div class='successmate'><h2><p><a href='changepassword.php'><br><br>Try again?</a></p></h2></div>";}
if (isset($_POST['email']) AND $_POST['email'] != '') {
$querychange = mysql_query("UPDATE login SET email='$email' WHERE username='$username'");
echo "<div class='successmate'><br><br><br><br><hr>Your email has been changed</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
}}
else
{
echo"
<form class='search1' action='changepassword.php' method='POST'>
<label>Current Password:</label> <input type='password' id='password' name='oldpassword'><p>
<label>New Password:</label> <input type='password' id='password' name='newpassword'><p>
<label>Repeat New Password:</label> <input type='password' name='repeatnewpassword'><p>
<label>Email:</label> <input type='email' name='email'><p>
<input type='submit' name='submit' class='submit' value='submit'><br><br><br>
<h2><p><a href='index2.php'>Back</a></p></h2>
</form>
";
}}
else
die ("You must be logged in to change your password");
?>
<img src="../images/main.jpg">
您正在检查是否为密码设置了 post 值(它们始终如此,因为该表单元素将始终被提交)。不要简单地检查这些值是否已设置,而是确保它们不为空。使用empty() 另外,进行比较时不要使用单词“AND”,而应使用与运算符“&&”。
if (!empty($_POST['repeatnewpassword']) && !empty($_POST['newpassword'])) {
if ($newpassword==$repeatnewpassword)
{
$querychange = mysql_query("UPDATE login SET password='$newpassword' WHERE username='$username'");
echo "<div class='successmate'><br><br><br><br><hr>Password has been changed!</hr></div><div class='successmate'><br><hr><br><h2><p><a href='index2.php'><br><br></a></p></h2></div>";
}
else {echo "<div class='results'>new password(s) dont match</div><div class='successmate'><br><br><h2><p><a href='changepassword.php'>try again?</a></p></h2></div>";}
}
我正在查看错误的代码块。上面的建议是好的建议,但你的问题在这里:
如果密码字段为空,那么它们将永远不会相同,所以if ($oldpassword==$oldpassworddb)将始终评估为 false。
Try
if ($oldpassword==$oldpassworddb && !empty($_POST['oldpassword']))
本文内容由网友自发贡献,版权归原作者所有,本站不承担相应法律责任。如您发现有涉嫌抄袭侵权的内容,请联系:hwhale#tublm.com(使用前将#替换为@)
