let user change their own password?

Posted 2019-05-20 04:19

Question:

I am just starting to learn PHP and SQL so please go easy on me, I know I'm going to be wrong in certain places. I am trying to allow a user to log in and be able to change their password. I have made an attempt at a script which I believe should work, but I guess I'm doing something wrong as it will just link to the php function page and not change the password at all. Here's my script:

HTML form:

<form method="POST" action="includes/changepassword.php">
<p><input type="password" name="oldpasswd" id="oldpasswd" maxlength="30" placeholder="Old Password"></p>
<p><input type="password" name="newpsswd1" id="newpsswd1" maxlength="30" placeholder="New Password"></p>
<p><input type="password" name="newpsswd2" id="newpsswd2"maxlength="30" placeholder="Confirm Password"></p>
<input type="submit" name="submit" id="submit" value="change password">

changepassword.php file:

 <?php
require_once("session.php"); 
require_once("functions.php");
require('_config/connection.php');
function changepassword ($oldpasswd, $newpasswd1, $newpasswd2) {
    /*
     * RETURNS
     * 0 - if password changed
     * 1 - if new passwords are not equal
     * 2 - if user authentification problems
     */


        $oldpasswd = ($_POST['oldpasswd']);
        $newpasswd1 = ($_POST['newpasswd1']);
        $newpasswd1 = ($_POST['newpasswd2']);




    if ($newpasswd1 != $newpasswd2) {
        return 1;
    }

    //check user logged in changes OWN passwd
    $sql = "SELECT password FROM ptb_users WHERE id = ".$_SESSION['user_id'];
    $result = mysql_query($sql)or die('User not found: ' . mysql_error());

    if (md5($oldpasswd)==$result) { 

        //Encrypt $emailpassword in MD5 format for the database
        $md5_np=md5($newpasswd1);

        // Make a safe query
        $query = sprintf("UPDATE `ptb_users` SET `password` = '%s' 
                    WHERE `id` = ".$_SESSION['user_id'],
                    mysql_real_escape_string($md5_np));

        mysql_query($query)or die('Could not update password: ' . mysql_error());
        return 0;
    } else {
        return 2;
    }


}   
?>

What have I done wrong?

Answer 1:

it will just link to the php function page and not change the password at all

You told the HTML form to do exactly that: <form method="POST" action="includes/changepassword.php">. But on the other hand, you never call your function.



Answer 2:

You need to call the function in order to process the change password. Add this to the bottom of your file just before the ?>

echo changepassword($_POST['oldpasswd'], $_POST['newpasswd1'], $_POST['newpasswd2']);

You can also remove the $_POST assignments within the function as you're passing those in as parameters.



Answer 3:

As poke mentioned you will need to call the function in order to update the password.
I think I found another problem in the following code:

//check user logged in changes OWN passwd
$sql = "SELECT password FROM ptb_users WHERE id = ".$_SESSION['user_id'];
$result = mysql_query($sql)or die('User not found: ' . mysql_error());

if (md5($oldpasswd)==$result) { 

You are directly using the result of the mysql_query() function, which actually returns a resource and not a value.

You will need to update your code to this:

//check user logged in changes OWN passwd
$sql = "SELECT password FROM ptb_users WHERE id = ".$_SESSION['user_id'];
$result = mysql_query($sql)or die('User not found: ' . mysql_error());
$row=mysql_fetch_assoc($result);
if (md5($oldpasswd)==$row['password']) { 

See this function- mysql_fetch_assoc().



Answer 4:

Look for a tutorial about form handling. After a bit of searching I stumbled over this form tutorial; it looks easy to understand. You will see that most forms call themselves.

formchangepassword.html

<form action="formchangepassword.html" method="post">

At the beginning of the form there is usually some code that decides whether the form was called with POST (after pressing a button) or with GET. In this code you can call the function you wrote in your CHANGEPASSWORD.PHP file. This file is just a library: it contains functions. You can call these functions, but they do not run themselves; they have to be called.

<?php
  require_once("CHANGEPASSWORD.PHP");

  if(count($_POST) > 0)
  {
    // button was clicked, do what is necessary
    changepassword(...);
    ...
  }
?>
<form action="formchangepassword.html" method="post">
...
</form>


Answer 5:

The names of your form fields don't match what's listed in changepassword.php. You are missing an "a" in what should be "newpasswd1" and "newpasswd2" -- name=newpsswd1 should be newpasswd1 and so on.

Also you have "newpasswd1" listed twice

 $oldpasswd = ($_POST['oldpasswd']);
 $newpasswd1 = ($_POST['newpasswd1']);
 $newpasswd1 = ($_POST['newpasswd2']);

...I think you probably meant this...

 $oldpasswd = ($_POST['oldpasswd']);
 $newpasswd1 = ($_POST['newpasswd1']);
 $newpasswd2 = ($_POST['newpasswd2']);

I also incorporated the changes suggested by Pastor Bones and Abhishek Bhatia and it works fine now. (Also I added a closing form tag to the HTML.)

Here's what the whole thing should look like (as modified for my site):

HTML FORM

<form method="POST" action="changepassword.php">
<p><input type="password" name="oldpasswd" id="oldpasswd" maxlength="30" placeholder="Old Password"></p>
<p><input type="password" name="newpasswd1" id="newpasswd1" maxlength="30" placeholder="New Password"></p>
<p><input type="password" name="newpasswd2" id="newpasswd2"maxlength="30" placeholder="Confirm Password"></p>
<input type="submit" name="submit" id="submit" value="change password">
</form>

changepassword.php

function changepassword ($oldpasswd, $newpasswd1, $newpasswd2)
{
        $oldpasswd = ($_POST['oldpasswd']);
        $newpasswd1 = ($_POST['newpasswd1']);
        $newpasswd2 = ($_POST['newpasswd2']);

    if ($newpasswd1 != $newpasswd2)
    {
        return 1;
    }

    $sql = "SELECT Password FROM users WHERE UserID = ".$_SESSION['UserId'];
    $result = mysql_query($sql)or die('User not found: ' . mysql_error());
    $row=mysql_fetch_assoc($result);

    if (md5($oldpasswd)==$row['Password'])
    {
        $md5_np=md5($newpasswd1);
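        // The WHERE clause needs "=" between the column and the id, otherwise the UPDATE does not target this user's row
        $query = sprintf("UPDATE `users` SET `Password` = '%s' WHERE `UserID` = ".$_SESSION['UserId'],mysql_real_escape_string($md5_np));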

        mysql_query($query)or die('Could not update password: ' . mysql_error());
        return 0;
    }
    else
    {
        return 2;
    }
}   

echo changepassword($_POST['oldpasswd'], $_POST['newpasswd1'], $_POST['newpasswd2']);
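
A hardened variant of the function discussed in this thread, as an added example that is not any poster's code: it keeps the thread's return codes, replaces the concatenated mysql_* queries with PDO prepared statements and the unsalted MD5 with password_hash()/password_verify(), and still accepts a legacy MD5 row once so it can be upgraded. The function name change_password and the in-memory SQLite table are assumptions for the demo; in the page's setup the caller would pass (int) $_SESSION['user_id'].

```php
<?php
// Added example, not the posters' code. Return codes follow the page:
// 0 = password changed, 1 = new passwords differ, 2 = authentication problem.
function change_password(PDO $pdo, int $userId, string $old, string $new1, string $new2): int
{
    if ($new1 !== $new2) {
        return 1;
    }
    // Bound parameter: the id never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT password FROM ptb_users WHERE id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();
    if ($stored === false) {
        return 2; // no such user
    }
    // Rows written by the page's code hold a bare 32-hex-character MD5;
    // accept those once so existing users can move to a real password hash.
    $isLegacyMd5 = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacyMd5
        ? hash_equals($stored, md5($old))      // constant-time comparison
        : password_verify($old, $stored);
    if (!$ok) {
        return 2;
    }
    // password_hash() salts and stretches the password (bcrypt by default).
    $upd = $pdo->prepare('UPDATE ptb_users SET password = ? WHERE id = ?');
    $upd->execute([password_hash($new1, PASSWORD_DEFAULT), $userId]);
    return 0;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ptb_users (id INTEGER PRIMARY KEY, password TEXT)');
$pdo->prepare('INSERT INTO ptb_users VALUES (1, ?)')->execute([md5('old-secret')]);

// Case 1: confirmation does not match the new password.
var_dump(change_password($pdo, 1, 'old-secret', 'new-secret', 'typo'));
// Case 2: wrong old password against the legacy MD5 row.
var_dump(change_password($pdo, 1, 'wrong', 'new-secret', 'new-secret'));
// Case 3: correct old password; the row is rewritten with password_hash().
var_dump(change_password($pdo, 1, 'old-secret', 'new-secret', 'new-secret'));
// Case 4: the old password no longer authenticates after the change.
var_dump(change_password($pdo, 1, 'old-secret', 'x', 'x'));
```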