【发布时间】:2016-08-18 19:43:42
【问题描述】:
这是我的代码,我想用给定的新密码$new_password 更新密码,用$new_password2 验证它并检查当前给定的密码是否与$old_password 匹配。
<?php
if (isset($_POST['submit'])) {
//validations
$required_fields = array("username", "old_password", "password", "password2");
validate_presences($required_fields);
$fields_with_max_lengths = array("username" => 30);
validate_max_lengths($fields_with_max_lengths);
if(empty($errors)) {
//process the form
$id = $admin["id"];
$username = mysql_prep($_POST["username"]);
$new_password = password_encrypt($_POST["password"]);
$old_password = password_encrypt($_POST["old_password"]);
$new_password2 = password_encrypt($_POST["password2"]);
您必须提供的两个密码必须彼此相等才能更改密码。所有三个密码都经过哈希处理。需要$new_password 和$new_password2 来验证新密码。 $old_password 也必须更新为$new_password。如果 id 等于数据库中的 id 并且 $old_password 与当前的 $old_password 匹配,则必须更改它。
if ($new_password == $new_password2) {
//update
$query = "UPDATE admins SET ";
$query .= "username = '{$username}', ";
$query .= "password = '{$new_password}', ";
$query .= "old_password = '{$new_password}', ";
$query .= "password2 = '{$new_password}' ";
$query .= "WHERE id = {$id} ";
$query .= "AND old_password = '{$old_password}' ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) == 1) {
//success
$_SESSION["message"] = "Admin updated.";
redirect_to("manage_admins.php");
} else {
//failure
$_SESSION["message"] = "Admin update failed1";
}
} else {
$_SESSION["message"] = "Admin update failed2";
}
} else {
$_SESSION["message"] = "Admin update failed3";
}
} else {
}
?>
【问题讨论】:
-
你遇到了什么问题?
-
什么是
password_encrypt?你的意思是password_hash? -
它告诉我我有一个错误 if($new_password == $new_password2){ }
-
是的,password_encrypt 是对数据库中发布的凭据进行哈希处理。
标签: php hash hashtable login-control