这段代码总是说旧密码不正确?
This piece of code always says that the old password is incorrect?
我正在尝试创建一个密码更改工具,要求用户输入他的旧密码、新密码并确认新密码。如果旧密码与数据库匹配,则会更新密码。否则声明说旧密码不正确。但是这段代码总是说旧密码是 incorrect.Can 有人发现这段代码中的错误了吗?我正在使用 md5 程序在用户注册时存储密码。跟这个有关系吗?请原谅我冗长的代码。我还是个初学者。谢谢 :)
HTML
<div class="col-sm-4">
<h1 class="register-title">Change Password</h1>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post" class="register">
<input type="password" name="oldpassword" class="register-input" placeholder="Enter Old Password">
<input type="password" name="newpassword" class="register-input" placeholder="Enter New Password">
<input type="password" name="password2" class="register-input" placeholder="Confirm New Password">
<input type="submit" name="submit1" value="Update Password" class="register-button">
</form>
</div>
PHP
<?php
if (isset($_POST['submit1'])) {
$oldpassword=$_POST['oldpassword'];
$newpassword=$_POST['newpassword'];
$password2=$_POST['password2'];
//$password=md5($password);
$connect = mysqli_connect('localhost', 'root', '', 'blood'); if (mysqli_connect_errno()) echo "Failed to connect to MySQL: " . mysqli_connect_error();
$query12 = "select password from users WHERE uid = '$uid'";
$query13 = "UPDATE users SET password='$newpassword' WHERE uid = '$uid'";
$result12=mysqli_query($connect,$query12) or die('Error, query failed');
if (mysqli_num_rows($result12) == 0) {
echo 'Database is empty <br>';
} elseif ($result12) {
while ($row = mysqli_fetch_array($result12)) {
if ($oldpassword == $row["password"]) {
$result13=mysqli_query($connect,$query13) or die('Error, query failed');
} else {
echo "incorrect old password";
}
}
}
}?>
如果你说存储密码时使用md5,那么你认为password将存储什么值?当然是哈希值。
所以如果 $row["password"] 有散列值而你的 $_POST['oldpassword'] 是 不是 散列的,那么你期望什么?
正确的比较方式应该是:
if (md5($oldpassword) == $row["password"])
顺便说一下,使用 md5 不再 不安全。
我正在尝试创建一个密码更改工具,要求用户输入他的旧密码、新密码并确认新密码。如果旧密码与数据库匹配,则会更新密码。否则声明说旧密码不正确。但是这段代码总是说旧密码是 incorrect.Can 有人发现这段代码中的错误了吗?我正在使用 md5 程序在用户注册时存储密码。跟这个有关系吗?请原谅我冗长的代码。我还是个初学者。谢谢 :)
HTML
<div class="col-sm-4">
<h1 class="register-title">Change Password</h1>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post" class="register">
<input type="password" name="oldpassword" class="register-input" placeholder="Enter Old Password">
<input type="password" name="newpassword" class="register-input" placeholder="Enter New Password">
<input type="password" name="password2" class="register-input" placeholder="Confirm New Password">
<input type="submit" name="submit1" value="Update Password" class="register-button">
</form>
</div>
PHP
<?php
if (isset($_POST['submit1'])) {
$oldpassword=$_POST['oldpassword'];
$newpassword=$_POST['newpassword'];
$password2=$_POST['password2'];
//$password=md5($password);
$connect = mysqli_connect('localhost', 'root', '', 'blood'); if (mysqli_connect_errno()) echo "Failed to connect to MySQL: " . mysqli_connect_error();
$query12 = "select password from users WHERE uid = '$uid'";
$query13 = "UPDATE users SET password='$newpassword' WHERE uid = '$uid'";
$result12=mysqli_query($connect,$query12) or die('Error, query failed');
if (mysqli_num_rows($result12) == 0) {
echo 'Database is empty <br>';
} elseif ($result12) {
while ($row = mysqli_fetch_array($result12)) {
if ($oldpassword == $row["password"]) {
$result13=mysqli_query($connect,$query13) or die('Error, query failed');
} else {
echo "incorrect old password";
}
}
}
}?>
如果你说存储密码时使用md5,那么你认为password将存储什么值?当然是哈希值。
所以如果 $row["password"] 有散列值而你的 $_POST['oldpassword'] 是 不是 散列的,那么你期望什么?
正确的比较方式应该是:
if (md5($oldpassword) == $row["password"])
顺便说一下,使用 md5 不再 不安全。