使用 php 在 pgadmin 上更改密码时出现问题
problem changing password on pgadmin with php
我正在写一个 PHP 文件来允许用户更改他们的密码,但我遇到了一个奇怪的问题。我需要旧密码来确认帐户和新密码。鉴于凭据正确,此页面总是 returns 我认为用户密码不正确,因此 returns 第 12 行的回显 "Old password wrong"。如果我在 pgAdmin 查询工具中启动 "select * from utente" 来查看密码,我在密码框中看不到任何更改。然后,如果我返回表单更改密码,如果我在旧密码框中输入我之前想更改的新密码,但似乎没有被接受,因为以前没有识别出旧密码,程序成功。我发誓我不明白为什么。我认为这是 md5 中的错误,但它也不适用于 sha1。我知道两者都不安全,但现在我必须使用其中之一。我该如何解决?提前致谢
<?php
$dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
or die('Could not connect:' . pg_last_error());
if(!(isset($_POST['changeButton']))){
header("Location: utente.php");
}else{
$email = $_COOKIE["cookieEmail"];
$oldPassword = sha1($_POST['oldpassword']);
$q1="select * from utente where email = and password = ";
$result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Old password wrong</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
$newPassword = sha1($_POST['newpassword']);
$q2 = "update utente set password= where email=";
$result=pg_query_params($dbconn, $q2, array($newPassword, $email));
if($result==true){
$q3="select * from utente where email = and password = ";
$result=pg_query_params($dbconn,$q3,array($email, $newPassword));
if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Error</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
header("Location: utente.php");
}
}else{
echo "<h1>Error 2</h1>
<a href=formCambiaPassword.php>Click here</a>";
}
}
}
?>
您的 if 语句在本应检查 false 时查找 true。
if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
您的代码应如下所示:
<?php
$dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
or die('Could not connect:' . pg_last_error());
if(!(isset($_POST['changeButton']))){
header("Location: utente.php");
}else{
$email = $_COOKIE["cookieEmail"];
$oldPassword = sha1($_POST['oldpassword']);
$q1="select * from utente where email = and password = ";
$result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Old password wrong</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
$newPassword = sha1($_POST['newpassword']);
$q2 = "update utente set password= where email=";
$result=pg_query_params($dbconn, $q2, array($newPassword, $email));
if($result==true){
$q3="select * from utente where email = and password = ";
$result=pg_query_params($dbconn,$q3,array($email, $newPassword));
if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Error</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
header("Location: utente.php");
}
}else{
echo "<h1>Error 2</h1>
<a href=formCambiaPassword.php>Click here</a>";
}
}
}
?>
我正在写一个 PHP 文件来允许用户更改他们的密码,但我遇到了一个奇怪的问题。我需要旧密码来确认帐户和新密码。鉴于凭据正确,此页面总是 returns 我认为用户密码不正确,因此 returns 第 12 行的回显 "Old password wrong"。如果我在 pgAdmin 查询工具中启动 "select * from utente" 来查看密码,我在密码框中看不到任何更改。然后,如果我返回表单更改密码,如果我在旧密码框中输入我之前想更改的新密码,但似乎没有被接受,因为以前没有识别出旧密码,程序成功。我发誓我不明白为什么。我认为这是 md5 中的错误,但它也不适用于 sha1。我知道两者都不安全,但现在我必须使用其中之一。我该如何解决?提前致谢
<?php
$dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
or die('Could not connect:' . pg_last_error());
if(!(isset($_POST['changeButton']))){
header("Location: utente.php");
}else{
$email = $_COOKIE["cookieEmail"];
$oldPassword = sha1($_POST['oldpassword']);
$q1="select * from utente where email = and password = ";
$result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Old password wrong</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
$newPassword = sha1($_POST['newpassword']);
$q2 = "update utente set password= where email=";
$result=pg_query_params($dbconn, $q2, array($newPassword, $email));
if($result==true){
$q3="select * from utente where email = and password = ";
$result=pg_query_params($dbconn,$q3,array($email, $newPassword));
if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Error</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
header("Location: utente.php");
}
}else{
echo "<h1>Error 2</h1>
<a href=formCambiaPassword.php>Click here</a>";
}
}
}
?>
您的 if 语句在本应检查 false 时查找 true。
if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
您的代码应如下所示:
<?php
$dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
or die('Could not connect:' . pg_last_error());
if(!(isset($_POST['changeButton']))){
header("Location: utente.php");
}else{
$email = $_COOKIE["cookieEmail"];
$oldPassword = sha1($_POST['oldpassword']);
$q1="select * from utente where email = and password = ";
$result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Old password wrong</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
$newPassword = sha1($_POST['newpassword']);
$q2 = "update utente set password= where email=";
$result=pg_query_params($dbconn, $q2, array($newPassword, $email));
if($result==true){
$q3="select * from utente where email = and password = ";
$result=pg_query_params($dbconn,$q3,array($email, $newPassword));
if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
echo "<h1>Error</h1>
<a href=formCambiaPassword.php>Click here</a>";
}else{
header("Location: utente.php");
}
}else{
echo "<h1>Error 2</h1>
<a href=formCambiaPassword.php>Click here</a>";
}
}
}
?>