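I am writing a PHP file that lets users change their password, but I've run into a strange problem. I need the old password to confirm the account, plus the new password. Even though the credentials are correct, the page always tells me that the user's password is incorrect, and so it returns the echo "Old password wrong" on line 12. If I run "select * from utente" in the pgAdmin query tool to look at the password, I see no change in the password field. Then, if I go back to the form to change the password and type into the old-password box the new password I previously wanted to change to (which did not seem to have been accepted, because the old password had not been recognized), the program succeeds. I swear I don't understand why. I thought it was a bug in md5, but it doesn't work with sha1 either. I know neither method is secure, but for now I have to use one of them. How can I solve this? Thanks in advance.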
<?php
$dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
    or die('Could not connect:' . pg_last_error());
if(!(isset($_POST['changeButton']))){
    header("Location: utente.php");
}else{
    $email = $_COOKIE["cookieEmail"];
    $oldPassword = sha1($_POST['oldpassword']);
    $q1="select * from utente where email = $1 and password = $2";
    $result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
    if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
        echo "<h1>Old password wrong</h1>
        <a href=formCambiaPassword.php>Click here</a>";
    }else{
        $newPassword = sha1($_POST['newpassword']);
        $q2 = "update utente set password=$1 where email=$2";
        $result=pg_query_params($dbconn, $q2, array($newPassword, $email));
        if($result==true){
            $q3="select * from utente where email = $1 and password = $2";
            $result=pg_query_params($dbconn,$q3,array($email, $newPassword));
            if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
                echo "<h1>Error</h1>
                <a href=formCambiaPassword.php>Click here</a>";
            }else{
                header("Location: utente.php");
            }
        }else{
            echo "<h1>Error 2</h1>
            <a href=formCambiaPassword.php>Click here</a>";
        }
    }
}
?>
Your if statement is looking for true, whereas it should check for false.
if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
Your code should be as follows.
<?php
$dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
    or die('Could not connect:' . pg_last_error());
if(!(isset($_POST['changeButton']))){
    header("Location: utente.php");
}else{
    $email = $_COOKIE["cookieEmail"];
    $oldPassword = sha1($_POST['oldpassword']);
    $q1="select * from utente where email = $1 and password = $2";
    $result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
    // No matching row means the email/old-password pair is wrong.
    if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
        echo "<h1>Old password wrong</h1>
        <a href=formCambiaPassword.php>Click here</a>";
    }else{
        $newPassword = sha1($_POST['newpassword']);
        $q2 = "update utente set password=$1 where email=$2";
        $result=pg_query_params($dbconn, $q2, array($newPassword, $email));
        if($result==true){
            // Read the row back: it must now match the new hash.
            $q3="select * from utente where email = $1 and password = $2";
            $result=pg_query_params($dbconn,$q3,array($email, $newPassword));
            // Same inversion as the first check: a missing row is the error case.
            if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
                echo "<h1>Error</h1>
                <a href=formCambiaPassword.php>Click here</a>";
            }else{
                header("Location: utente.php");
            }
        }else{
            echo "<h1>Error 2</h1>
            <a href=formCambiaPassword.php>Click here</a>";
        }
    }
}
?>
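An added example, not part of the original question or answer: the same old-password check written so that a falsy result is the failure branch, going beyond the page by storing new passwords with `password_hash()` while still accepting existing SHA-1 rows. The function names `verifyStored` and `changePassword` are hypothetical, and the `$users` array is a constructed in-memory stand-in for the `utente` table.

```php
<?php
// Added example. $users (email => stored hash) is a constructed stand-in for
// the utente table; in a real page the two array accesses become a SELECT and
// an UPDATE through pg_query_params(). Salted hashes cannot be matched in a
// WHERE clause, so the row is fetched by email and verified in PHP.

/** True if $plain matches $stored (legacy SHA-1 hex or a password_hash() value). */
function verifyStored(string $plain, string $stored): bool
{
    if (preg_match('/^[0-9a-f]{40}$/', $stored)) {
        // Legacy row: constant-time comparison of the SHA-1 hex digests.
        return hash_equals($stored, sha1($plain));
    }
    return password_verify($plain, $stored);
}

/** Returns 'ok', 'unknown_user' or 'old_password_wrong'; never echoes. */
function changePassword(array &$users, string $email, string $old, string $new): string
{
    if (!isset($users[$email])) {
        return 'unknown_user';
    }
    // A falsy result means the check FAILED (the branch inverted in the question).
    if (!verifyStored($old, $users[$email])) {
        return 'old_password_wrong';
    }
    // Salted, slow hash; this also upgrades a legacy SHA-1 row.
    // The password column should allow up to 255 characters.
    $users[$email] = password_hash($new, PASSWORD_DEFAULT);
    return 'ok';
}

// Constructed sample data: one row still holding an unsalted SHA-1 hash.
$users = ['anna@example.com' => sha1('old-secret')];

var_dump(changePassword($users, 'anna@example.com', 'not-the-password', 'new-secret'));
var_dump(changePassword($users, 'anna@example.com', 'old-secret', 'new-secret'));
var_dump(verifyStored('new-secret', $users['anna@example.com']));
var_dump(verifyStored('old-secret', $users['anna@example.com']));
```

The first call is rejected and leaves the stored hash untouched; the second succeeds and replaces the SHA-1 value, after which only the new password verifies.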