【发布时间】:2015-11-05 07:52:19
【问题描述】:
此 SQL 旨在在人们更改提交“更改密码”页面后运行。他们将填写“newpw”和“confirmpw”并提交页面。 SQL 用于检查是否 newpw == confirmpw,如果匹配,则更新登录表中的密码,并将其重定向回他们的玩家资料。如果它们不匹配,它会将它们带回更改密码。
我的问题是,即使它们匹配,它仍然让我回到 change-password.php,更烦人的是,第二次,它似乎放弃了播放器的“pid”。
一切对我来说都是正确的,所以我想我需要一些新的眼光......知道问题是什么吗?
// Parse the form data and add inventory item to the system
if ($_POST['test'])
{
if ($_POST["newpw"] == $_POST["confirmpw"]) {
$pid = $_SESSION["pid"];
$new = mysql_real_escape_string($_POST['confirmpw']);
$sql = mysql_query("UPDATE logins SET password='$new' WHERE username='$player'");
$confirmation = "Thank You; your password has now been changed.";
echo "<SCRIPT LANGUAGE='JavaScript'>
window.alert('$confirmation')
window.location.href='playerparent-profile.php?pid=$pid';
</SCRIPT>";
exit();
} else {
header("location: change-password.php?pid=$pid");
}
}
?>
html
<form action="change-password.php?pid=<?=$pid?>" enctype="multipart/form-data" name="myForm" id="myForm" method="post">
<div class="clearfix colelem" id="pu20726"><!-- group -->
<div class="grpelem" id="u20726"><!-- simple frame --></div>
<div class="clearfix grpelem" id="u20724"><!-- group -->
<div class="clearfix grpelem" id="u20725-4"><!-- content -->
<p>CHANGE PASSWORD</p>
</div>
</div>
</div>
<div class="clearfix colelem" id="pu20727-4"><!-- group -->
<div class="clearfix grpelem" id="u20727-4"><!-- content -->
<p>OLD PASSWORD:</p>
</div>
<div class="grpelem"><input type="text" required id="u20729" name="oldpw" title="Fill in your old password. This field is required" class="form-element form-element-medium text-element" /><!-- simple frame --></div>
</div>
<div class="clearfix colelem" id="pu20728-4"><!-- group -->
<div class="clearfix grpelem" id="u20728-4"><!-- content -->
<p>NEW PASSWORD:</p>
</div>
<div class="grpelem" ><input type="password" required id="u20730" name="newpw" title="Fill in your old password. This field is required" class="form-element form-element-medium text-element" /><!-- simple frame --></div>
</div>
<div class="clearfix colelem" id="pu20733-4"><!-- group -->
<div class="clearfix grpelem" id="u20733-4"><!-- content -->
<p>CONFIRM NEW PASSWORD:</p>
</div>
<div class="grpelem"><input type="password" required id="u20735" name="confirmpw" title="Fill in your old password. This field is required" class="form-element form-element-medium text-element" /><!-- simple frame --></div>
</div>
<div class="colelem" id="u20737"><!-- simple frame --></div>
</div>
<div class="clearfix grpelem" id="u20738"><!-- group -->
<div class="clearfix grpelem" id="u20739-4"><!-- content -->
<p><a href="#" name="test" onclick="document.getElementById('myForm').submit();">Change Password</a> <?=$pid?><p>
</form>
【问题讨论】:
-
我认为您没有字段“test”来获取值 $_POST['test']
-
不相关,但您应该在存储密码之前对其进行加盐和哈希处理。
-
@Chandu 好吧,我收回我说的话。你是对的!我创建了一个隐藏字段并给测试值 1,现在一切正常!如果您实际上可以将其作为答案提交以便我投票,那就太好了:)
-
我肯定会把它作为答案
标签: javascript php sql