我正在尝试写一个密码更改脚本。一切都很顺利。排除这一点。它告诉我它是成功的,但没有任何变化。我的mysql中的加密代码没有任何变化,而且当我尝试登录时,我不能使用新密码,只能使用旧密码。以下是代码
<?php
session_start();
require_once('inc/functions.inc.php');
if (!isset($_POST['submit'])) {
die(header("Location: settings.php"));
}
if (isset($_SESSION['updatePasswordError'])) {
unset($_SESSION['updatePasswordError']);
}
$_SESSION['updatePasswordError'] = array();
if (isset($_SESSION['updatePasswordSuccess'])) {
unset($_SESSION['updatePasswordSuccess']);
}
$_SESSION['updatePasswordSuccess'] = array();
if (strlen($_POST['newpassword']) < 8) {
$_SESSION['updatePasswordError'][] = "New Password must be at least 8 characters";
}
else if ($_POST['newpassword'] != $_POST['confirmnewpassword']) {
$_SESSION['updatePasswordError'][] = "Passwords don’t match";
}
$mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
if ($mysqli->connect_errno) {
error_log("Cannot connect to MySQL: " .
$mysqli->connect_error);
return false;
}
$incomingOldPassword = $mysqli->real_escape_string(htmlspecialchars($_POST['currentpassword']));
$query = "SELECT * from Customer WHERE id = '{$user->id}'";
if (!$result = $mysqli->query($query)) {
$_SESSION['updatePasswordError'][] = "Select Error. Try Again";
error_log("Cannot retrieve account for {$user}");
return false;
}
// Will be only one row, so no while() loop needed
$row = $result->fetch_assoc();
$dbPassword = $row['password'];
if (crypt($incomingOldPassword,$dbPassword) != $dbPassword) {
$_SESSION['updatePasswordError'][] = "Old Password Incorrect";
}
if (count($_SESSION['updatePasswordError']) > 0) {
die(header("Location: settings.php"));
} else {
$cryptednewPassword = crypt($_POST['newpassword']);
$newPassword = $mysqli->real_escape_string($cryptednewPassword);
$result = "$updatePassword($newPassword)";
if ($result) {
$_SESSION['updatePasswordSuccess'] [] = "Successfully Updated";
die(header("Location: settings.php"));
} else {
die(header("Location: settings.php"));
}
}
function updatePassword($newPassword) {
$mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DB);
$query = "UPDATE customer SET password = ? WHERE id = $user->id";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("s", $newPassword);
$result = $stmt->execute();
$mysqli->close();
return $result;
}
?>
如果我尝试使用错误的密码、不匹配的密码或少于8个字符,则会出现错误。但除此之外,一切似乎都很好
发布于 2019-03-05 04:07:34
您没有调用updatePassword()
函数。这一行:
$result = "$updatePassword($newPassword)";
不调用函数。它只创建一个包含变量$updatePassword
和$newPassword
的值的字符串。因为$updatePassword
不存在,所以它等同于写:
$result = "($newPassword)";
您还应该收到一条关于未定义变量的警告消息。
调用函数的方法是:
$result = updatePassword($newPassword);
您不会将函数调用放在引号中,也不会将$
放在函数名之前。
您还需要在主脚本中设置$user
,并将其作为参数传递给函数或在函数中使用global $user;
。
https://stackoverflow.com/questions/54990654
复制相似问题