密码更改脚本

Question

好吧，所以我试图做一个密码更改脚本，我得到一些错误，所以我错了？ 这是我的格式文件：

<?php 
include_once('php_includes/check_login_status.php'); 
include_once('php_includes/db_conx.php'); 
if(isset($_SESSION["username"])){ 
echo ""; 

} 
else { 
header("location:login.php"); 
} 
?> 

<html> 
<head> 
<title>Password Change</title> 
</head> 
<body> 
<div id="form"> 
<form method="POST" id="form1" action="password_system.php"> 
<p>Current password: &nbsp; <input type="password" id="curpass" /> </p> 
<p>New password: &nbsp; <input type="password" id="newpass" /> </p> 
<p>Confirm new password: &nbsp; <input type="password" id="conpass" /> </p> 
<input type="submit" value="Submit"> 
</form></div> 
</body> 
</html> 

，这是更新password_system.php（动作脚本）：

<?php 
include_once('php_includes/check_login_status.php'); 
include_once('php_includes/db_conx.php'); 
if(isset($_SESSION["username"])){ 
echo ""; 

} 
else { 
header("location:login.php"); 
} 
$sql = "SELECT password FROM users WHERE username='$log_username'"; 
$query = mysqli_query($db_conx, $sql); 
$numrows = mysqli_num_rows($query); 
while ($row = $query->fetch_assoc()) { 
    $dbpass = $row['password']; 
} 
$query->free(); 
$curpass = md5($_POST['curpass']); 
$newpass = $_POST['newpass']; 
$conpass = $_POST['conpass']; 
if ($newpass != $conpass) { 
echo "Your passwords don't match!"; 
exit(); 
} else { 
echo "Ohkay"; 
$newpas = true; 
$newpassmd5ed = md5($newpass); 
} 
if ($curpass != $dbpass) { 
echo "Your current password is incorrent!"; 
exit(); 
} else { 
echo "Okay"; 
$curok = true; 
} 
if ($curok and $newpas == true) { 
$sql = "UPDATE users 
SET password = '$newpassmd5ed' 
WHERE username= '$log_username'"; 
$query = mysqli_query($db_conx, $sql); 
} 
?> 

现在我得到这样的：

OhkayYour当前密码的incorrent ！

check_login_status.php

<?php 
session_start(); 
include_once("db_conx.php"); 
// Files that inculde this file at the very top would NOT require 
// connection to database or session_start(), be careful. 
// Initialize some vars 
$user_ok = false; 
$log_id = ""; 
$log_username = ""; 
$log_password = ""; 
// User Verify function 
function evalLoggedUser($conx,$id,$u,$p){ 
    $sql = "SELECT ip FROM users WHERE id='$id' AND username='$u' AND password='$p' AND activated='1' LIMIT 1"; 
    $query = mysqli_query($conx, $sql); 
    $numrows = mysqli_num_rows($query); 
    if($numrows > 0){ 
     return true; 
    } 
} 
if(isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) { 
    $log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']); 
    $log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['username']); 
    $log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']); 
    // Verify the user 
    $user_ok = evalLoggedUser($db_conx,$log_id,$log_username,$log_password); 
} else if(isset($_COOKIE["id"]) && isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){ 
    $_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']); 
    $_SESSION['username'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user']); 
    $_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']); 
    $log_id = $_SESSION['userid']; 
    $log_username = $_SESSION['username']; 
    $log_password = $_SESSION['password']; 
    // Verify the user 
    $user_ok = evalLoggedUser($db_conx,$log_id,$log_username,$log_password); 
    if($user_ok == true){ 
     // Update their lastlogin datetime field 
     $sql = "UPDATE users SET lastlogin=now() WHERE id='$log_id' LIMIT 1"; 
     $query = mysqli_query($db_conx, $sql); 
    } 
} 

?> 

Answer 1

你使用的MySQLi不正确。

$query = mysqli_query($db_conx, $sql); 
$numrows = mysqli_num_rows($query); 
while ($row = $result->fetch_assoc($query)) { 
    echo $row['password']; 
} 

应该是：

$query = mysqli_query($db_conx, $sql); 
$numrows = mysqli_num_rows($query); 
while ($row = $query->fetch_assoc()) { 
    echo $row['password']; 
} 
$query->free();