Can't update my password in the db
After fetching the password from the database to check whether the passwords match, I still can't update my database with the new password.
If anyone can help me solve this problem, I'd be very grateful. Thanks.
Here is the HTML code:
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Settings</title>
    <link rel="stylesheet" type="text/css" href="../css/loginstyle.css" />
    <link href="https://fonts.googleapis.com/css?family=Comfortaa" rel="stylesheet">
</head>
<body>
    <?php if(!empty($message)): ?>
        <p><?=$message ?></p>
    <?php endif; ?>
    <h2 class="page-header">Settings</h2>
    <p>Please edit the information</p>
    <form action="settings.php" method="post">
        <input type="text" placeholder="Enter your email" name="email">
        <input type="password" placeholder="Enter your current password" name="old_password">
        <input type="password" placeholder="Enter your new password" name="new_password">
        <input type="password" placeholder="Confirm password" name="confirm_password">
        <input type="submit" name="submit" value="reset">
    </form>
</body>
</html>
Here is the PHP code:
<?php
//start the session
session_start();
require 'database.php';
//$message='';
if (isset($_POST['submit'])){
    //check field
    $oldpassword = $_POST['old_password'];
    $newpassword = $_POST['new_password'];
    $confirmpassword = $_POST['confirm_password'];
    $message = '';
    //query to get password
    $query = $conn->prepare('SELECT password FROM users WHERE email = :email') or die("Query didn't work");
    $query->bindParam(':email', $_POST['email']);
    $query->execute();
    $results = $query->fetch(PDO::FETCH_ASSOC);
    $oldpassworddb = $results['password'];
    //Check password
    if(count($results) > 0 && password_verify($oldpassword, $results['password']))
    {
        //check two new password
        if($newpassword==$confirmpassword)
        {
            //change password in database
            //echo "Success";
            //enter new user and database
            $sql = ('UPDATE users SET password="$newpassword" WHERE email = :email');
            $query = $conn->prepare($sql);
            $query->bindParam(':email', $_POST['email']);
            $query->bindParam(':password',$newpassword);
            $newpassword = password_hash($newpassword, PASSWORD_BCRYPT);
            //$querychange->execute();
            session_destroy();
            die("Your password has been changed. <a href='index.php'>Return</a>to the main page.");
        }
        else{
            die("New password don't match");
        }
    }
    else
    {
        die("old password doesn't match");
    }
}
else
{
}
?>
You never execute the prepared statement, so the query never runs. You also don't set the :password parameter in the statement.
// Setup :password as a parameter, don't place variable in your statements
$sql = ('UPDATE users SET password=:password WHERE email = :email');
$query = $conn->prepare($sql);
$query->bindParam(':email', $_POST['email']);
$query->bindParam(':password',$newpassword);
$newpassword = password_hash($newpassword, PASSWORD_BCRYPT);
// Execute statement
$query->execute();
Another thing that struck me is the order of the password hashing. Even though you bind $newpassword by reference, hashing after binding the parameter isn't very readable. Keep readability in mind.
PASSWORD is a keyword, which is why you shouldn't use it as a column name. If you must use it, wrap it in backticks:
$sql = ('UPDATE users SET `password` = :password WHERE email = :email');
Then execute it:
$query->execute();
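The two answers above each fix one piece (the missing execute() and :password binding, the hash-before-bind ordering, the backticked column). Below is an added example that puts all of them into one complete handler; it is not the asker's or either answerer's code. Assumptions not taken from the thread: database.php provides a PDO connection in `$conn` (as the question implies), the `users` table has `email` and `password` columns with `password` holding password_hash() output, the 12-character minimum is a made-up policy, and the `changePassword` function name and `error_log` messages are mine.

```php
<?php
// Added example: complete password-change handler applying the fixes from both answers.
// Assumptions (not from the thread): database.php defines a PDO connection $conn;
// users has `email` and `password` columns; the 12-character minimum is a made-up policy.
declare(strict_types=1);

session_start();
require 'database.php';
// Make PDO throw on SQL errors instead of relying on "or die(...)" after prepare().
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

/**
 * Verify the current password for $email and replace it with $new.
 * Returns true only if exactly one row was updated; every failure is logged
 * server-side and reported to the browser with one generic message.
 */
function changePassword(PDO $conn, string $email, string $old, string $new, string $confirm): bool
{
    if ($new !== $confirm) {
        error_log("password change: confirmation mismatch for $email");
        return false;
    }
    if (strlen($new) < 12) { // assumed policy, not from the question
        error_log("password change: new password too short for $email");
        return false;
    }

    // Backticks because PASSWORD is a reserved word in MySQL (second answer).
    $select = $conn->prepare('SELECT `password` FROM users WHERE email = :email');
    $select->execute([':email' => $email]);
    $row = $select->fetch(PDO::FETCH_ASSOC);

    // Verify against a throwaway hash when the email is unknown, so the response
    // time does not reveal which emails exist.
    $storedHash = ($row !== false)
        ? (string) $row['password']
        : password_hash('placeholder', PASSWORD_DEFAULT);
    if ($row === false || !password_verify($old, $storedHash)) {
        error_log("password change: current password rejected for $email");
        return false;
    }

    // Hash BEFORE binding, so the bound value is visibly the hash (first answer).
    // PASSWORD_DEFAULT lets PHP upgrade the algorithm later; password_verify()
    // still accepts the older hashes already in the table.
    $newHash = password_hash($new, PASSWORD_DEFAULT);

    // Both placeholders bound, and the statement actually executed: the two
    // defects the first answer points out in the question.
    $update = $conn->prepare('UPDATE users SET `password` = :password WHERE email = :email');
    $update->bindValue(':password', $newHash);
    $update->bindValue(':email', $email);
    $update->execute();

    // An UPDATE that matches no row succeeds silently, so "success" must mean
    // exactly one row changed.
    if ($update->rowCount() !== 1) {
        error_log('password change: UPDATE affected ' . $update->rowCount() . " rows for $email");
        return false;
    }
    return true;
}

$message = '';
if (isset($_POST['submit'])) {
    $ok = changePassword(
        $conn,
        (string) ($_POST['email'] ?? ''),
        (string) ($_POST['old_password'] ?? ''),
        (string) ($_POST['new_password'] ?? ''),
        (string) ($_POST['confirm_password'] ?? '')
    );
    if ($ok) {
        // Invalidate the current session after a credential change, as the question does.
        session_destroy();
        $message = 'Your password has been changed. <a href="index.php">Return</a> to the main page.';
    } else {
        // One generic message for every failure; the specific reason is only in the server log.
        $message = 'Password change failed. Check your email, current password and confirmation.';
    }
}
?>
```

Two points for a real deployment that the thread does not cover: once the user is logged in, take the account identity from `$_SESSION` rather than from the `email` form field, and if `$message` ever carries user-supplied text, pass it through htmlspecialchars() before the `<?=$message ?>` in the template, since that line prints it unescaped.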