dongou4052 2014-07-29 13:15
浏览 11
已采纳

php代码不检查密码是否正确

For some reason my code is updating the players password without even seeing if there oldpassword was correct first i check it here "else if($pass!= mysql_result($result, 0))" but it doesn't work ??

php

 <?php
            session_start();
        if(!isset($_SESSION["sess_user"])){
            header("location: index");
        } else {
            $my_player = $_SESSION['sess_user'];
        }
        if(isset($_POST["sumbit"])){

            $link= mysql_connect ("localhost:8889","root","root")or die("Could not connect: ".mysql_error());
            mysql_select_db("register") or die(mysql_error());
            $pass = $_POST['pass'];
            $newpass = $_POST['newpass'];
            $confirmnewpass = $_POST['confirmnewpass'];
            $result = mysql_query("SELECT password FROM login WHERE username='$my_player'");
            if(!$result) {
            $alert = "Failure ";
            }
            else if($pass!= mysql_result($result, 0)) {
            $alert = "incorect password";
            }
            if($newpass==$confirmnewpass)
            $sql=mysql_query("UPDATE login SET password='$newpass' where username='$my_player'");
            if($sql) {
            $alert = "You just changed your password to $newpass";
            }
            else {
            $alert = "newpassword field not entered";
            }
        }
?>

html

<div class="container">
<form role="form" class="form-signin" action="" method="POST">
    <h1 class="text-left">Change Password</h1><p>for <?=$my_player;?></p>
    <input type="password" name="pass" placeholder="Enter your password" class="form-control" autofocus required><br/>
    <input type="password" name="newpass" placeholder="Enter new password" class="form-control" required><br/>
    <input type="password" name="confirmnewpass" placeholder="Re-Enter new password" class="form-control" required><br/>
    <input type="submit" name="sumbit" value="Update Password" class="btn btn-lg btn-primary btn-block"><br/>
    <?=$alert;?>
</form>
</div>
  • 写回答

2条回答 默认 最新

  • duanming0494 2014-07-29 13:29
    关注

    Try this:

    Add:

    $opass = mysql_fetch_array($result);

    After of:

    $result = mysql_query("SELECT password FROM login WHERE username='$my_player'");

    And replace:

    else if($pass!= mysql_result($result, 0)) {

    By:

    else if($pass!= $opass['password']) {

    Also, your code will not stop when you define an alert. You need to replace:

     $alert = "Alert";

    By:

    die("Alert");

    If nor, your code will continue even if an error occurs.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥20 易康econgnition精度验证
  • ¥15 线程问题判断多次进入
  • ¥15 msix packaging tool打包问题
  • ¥28 微信小程序开发页面布局没问题,真机调试的时候页面布局就乱了
  • ¥15 python的qt5界面
  • ¥15 无线电能传输系统MATLAB仿真问题
  • ¥50 如何用脚本实现输入法的热键设置
  • ¥20 我想使用一些网络协议或者部分协议也行,主要想实现类似于traceroute的一定步长内的路由拓扑功能
  • ¥30 深度学习,前后端连接
  • ¥15 孟德尔随机化结果不一致