有人可以请帮忙,我有这个更改密码脚本,允许用户更改他们的密码。在mysql中更改用户密码,检查旧密码匹配并强制新密码?
目前它允许用户更改他们的密码,尽管它们放在旧密码框中。有人可以告诉我怎样才能检查旧密码是否与'ptb_users.password'中存储的密码相匹配?
此外,它目前让用户设置他们的密码为空,有没有办法让我的密码和确认密码字段强制?
谢谢。
<?php
require_once("session.php");
require_once("functions.php");
require('_config/connection.php');
?>
<?php
session_start();
include '_config/connection.php';
$password = md5($_POST['password']);
$newpassword = md5($_POST['newpassword']);
$result = mysql_query("SELECT password FROM ptb_users WHERE id=".$_SESSION['user_id']." AND password = '".$password."'");
if(!$result)
{
echo "The username you entered does not exist or old password didn't match";
}
else
{
$sql=mysql_query("UPDATE ptb_users SET password='$newpassword' WHERE id=".$_SESSION['user_id']."");
}
if($sql)
{
echo "Thank You. Your Password has been successfully changed.";
}
?>
MD5被打破* *为散列密码。请使用更安全的密码散列函数。 – 2013-02-09 01:57:19
哦同样的问题由同一用户...多么惊喜;) – itsid 2013-02-09 04:36:34