Hight.php完整代码如下:
<?php if (isset($_GET['Change'])) { // Turn requests into variables $pass_curr = $_GET['password_current']; $pass_new = $_GET['password_new']; $pass_conf = $_GET['password_conf']; // Sanitise current password input $pass_curr = stripslashes( $pass_curr ); $pass_curr = mysql_real_escape_string( $pass_curr ); $pass_curr = md5( $pass_curr ); // Check that the current password is correct $qry = "SELECT password FROM `users` WHERE user='admin' AND password='$pass_curr';"; $result = mysql_query($qry) or die('<pre>' . mysql_error() . '</pre>' ); if (($pass_new == $pass_conf) && ( $result && mysql_num_rows( $result ) == 1 )){ $pass_new = mysql_real_escape_string($pass_new); $pass_new = md5($pass_new); $insert="UPDATE `users` SET password = '$pass_new' WHERE user = 'admin';"; $result=mysql_query($insert) or die('<pre>' . mysql_error() . '</pre>' ); $html .= "<pre> Password Changed </pre>"; mysql_close(); } else{ $html .= "<pre> Passwords did not match or current password incorrect. </pre>"; } } ?>