仅当更改密码时,才在数据库中编辑用户更改密码。我在这里缺少什么?
Edit user in DB change password only if password is changed. What I am missing here?
我正在使用 PHP 8.x 和一个管理控制面板,我想要实现的是如果我想编辑 user1 并且“密码”和“确认密码”字段为空“密码" 不应更改数据库中的行。
波纹管是我当前使用的 PHP 代码,但如果“密码”和“确认密码”字段为空行,数据库中的“密码”将更改为“0”空,用户将是能够在登录表单上使用 EMPTY 密码登录。
代码在这里:
if (isset($_POST['submit']))
{
extract($_POST);
if ($username == '')
{
$error[] = 'Please enter the username.';
}
if (strlen($password) > 0)
{
if ($password == '')
{
$error[] = 'Please enter the password.';
}
if (strlen($password) < 6)
{
$error[] = 'Please use a password that is at least 6 characters long';
}
if ($passwordConfirm == '')
{
$error[] = 'Please confirm the password.';
}
if ($password != $passwordConfirm)
{
$error[] = 'Passwords do not match.';
}
}
if ($email == '')
{
$error[] = 'Please enter the email address.';
}
if ($role == '')
{
$error[] = 'Please confirm the roles.';
}
if (!isset($error))
{
try
{
if (isset($password))
{
$hashedpassword = $user->password_hash($password, PASSWORD_BCRYPT);
//update into database
if ($role == 'admin' || $role == 'manager') $private = 'yes';
if ($role == 'user') $private = 'No';
$stmt = $db->prepare('UPDATE web_users SET username = :username, password = :password, email = :email, role = :role, private = :private WHERE memberID = :memberID');
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email,
':role' => $role,
':private' => $private,
':memberID' => $memberID
));
}
else
{
//update database
if ($role == 'admin' || $role == 'manager') $private = 'yes';
if ($role == 'user') $private = 'No';
$stmt = $db->prepare('UPDATE web_users SET username = :username, email = :email, role = :role, private = :private WHERE memberID = :memberID');
$stmt->execute(array(
':username' => $username,
':email' => $email,
':role' => $role,
':private' => $private,
':memberID' => $memberID
));
}
//redirect to index page
header('Location: users.php?action=updated');
exit;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
}
?>
这个逻辑是有缺陷的。您首先检查是否 strlen($password) > 0
,如果为真,则检查是否 $password == ''
,如果为真,则仅记录密码输入为空的错误。
if (strlen($password) > 0)
{
if ($password == '')
{
$error[] = 'Please enter the password.';
}
if (strlen($password) < 6)
{
$error[] = 'Please use a password that is at least 6 characters long';
}
if ($passwordConfirm == '')
{
$error[] = 'Please confirm the password.';
}
if ($password != $passwordConfirm)
{
$error[] = 'Passwords do not match.';
}
}
$password == ''
永远不会为真,因为要使它为真,它的长度必须大于 0。换句话说,如果我是用户并将密码条目留空,if (strlen($password) > 0)
将导致错误,因为空密码条目的长度为 0,因此永远不会正确记录密码为空。
而不是做
if(isset($password)){
/// logic
}
这样做:
if(!empty($password)){
/// logic
}
我正在使用 PHP 8.x 和一个管理控制面板,我想要实现的是如果我想编辑 user1 并且“密码”和“确认密码”字段为空“密码" 不应更改数据库中的行。
波纹管是我当前使用的 PHP 代码,但如果“密码”和“确认密码”字段为空行,数据库中的“密码”将更改为“0”空,用户将是能够在登录表单上使用 EMPTY 密码登录。
代码在这里:
if (isset($_POST['submit']))
{
extract($_POST);
if ($username == '')
{
$error[] = 'Please enter the username.';
}
if (strlen($password) > 0)
{
if ($password == '')
{
$error[] = 'Please enter the password.';
}
if (strlen($password) < 6)
{
$error[] = 'Please use a password that is at least 6 characters long';
}
if ($passwordConfirm == '')
{
$error[] = 'Please confirm the password.';
}
if ($password != $passwordConfirm)
{
$error[] = 'Passwords do not match.';
}
}
if ($email == '')
{
$error[] = 'Please enter the email address.';
}
if ($role == '')
{
$error[] = 'Please confirm the roles.';
}
if (!isset($error))
{
try
{
if (isset($password))
{
$hashedpassword = $user->password_hash($password, PASSWORD_BCRYPT);
//update into database
if ($role == 'admin' || $role == 'manager') $private = 'yes';
if ($role == 'user') $private = 'No';
$stmt = $db->prepare('UPDATE web_users SET username = :username, password = :password, email = :email, role = :role, private = :private WHERE memberID = :memberID');
$stmt->execute(array(
':username' => $username,
':password' => $hashedpassword,
':email' => $email,
':role' => $role,
':private' => $private,
':memberID' => $memberID
));
}
else
{
//update database
if ($role == 'admin' || $role == 'manager') $private = 'yes';
if ($role == 'user') $private = 'No';
$stmt = $db->prepare('UPDATE web_users SET username = :username, email = :email, role = :role, private = :private WHERE memberID = :memberID');
$stmt->execute(array(
':username' => $username,
':email' => $email,
':role' => $role,
':private' => $private,
':memberID' => $memberID
));
}
//redirect to index page
header('Location: users.php?action=updated');
exit;
}
catch(PDOException $e)
{
echo $e->getMessage();
}
}
}
?>
这个逻辑是有缺陷的。您首先检查是否 strlen($password) > 0
,如果为真,则检查是否 $password == ''
,如果为真,则仅记录密码输入为空的错误。
if (strlen($password) > 0)
{
if ($password == '')
{
$error[] = 'Please enter the password.';
}
if (strlen($password) < 6)
{
$error[] = 'Please use a password that is at least 6 characters long';
}
if ($passwordConfirm == '')
{
$error[] = 'Please confirm the password.';
}
if ($password != $passwordConfirm)
{
$error[] = 'Passwords do not match.';
}
}
$password == ''
永远不会为真,因为要使它为真,它的长度必须大于 0。换句话说,如果我是用户并将密码条目留空,if (strlen($password) > 0)
将导致错误,因为空密码条目的长度为 0,因此永远不会正确记录密码为空。
而不是做
if(isset($password)){
/// logic
}
这样做:
if(!empty($password)){
/// logic
}