pgadmin上用php修改密码的问题

问题描述 投票:0回答:1

我正在写一个PHP文件,让用户修改密码,但我遇到一个奇怪的问题。我需要旧密码来确认账户和新密码。鉴于凭证是正确的,这个页面总是给我返回用户的密码是不正确的,因此在第12行返回回音 "旧密码错误"。如果我在pgAdmin查询工具中发起 "select * from utente "来查看密码,在密码框中没有看到任何变化。然后,如果我回到表单中修改密码,如果我在旧密码框中输入我之前想修改的新密码,但似乎没有被接受,因为旧密码之前没有被识别,程序就成功了。我发誓我不明白为什么。我以为是md5的bug,但是用sha1也不行。我知道这两种方法都不安全,但现在我必须使用其中一种。我该如何解决这个问题?先谢谢你

<?php
    $dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
    or die('Could not connect:' . pg_last_error());
    if(!(isset($_POST['changeButton']))){
        header("Location: utente.php");
    }else{
        $email = $_COOKIE["cookieEmail"];
        $oldPassword = sha1($_POST['oldpassword']);
        $q1="select * from utente where email = $1 and password = $2";
        $result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
        if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
            echo "<h1>Old password wrong</h1>
            <a href=formCambiaPassword.php>Click here</a>";
        }else{
            $newPassword = sha1($_POST['newpassword']);
            $q2 = "update utente set password=$1 where email=$2";
            $result=pg_query_params($dbconn, $q2, array($newPassword, $email));
            if($result==true){
                $q3="select * from utente where email = $1 and password = $2";
                $result=pg_query_params($dbconn,$q3,array($email, $newPassword));
                if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
                    echo "<h1>Error</h1>
                    <a href=formCambiaPassword.php>Click here</a>";
                }else{
                    header("Location: utente.php");
                }
            }else{
                echo "<h1>Error 2</h1>
                        <a href=formCambiaPassword.php>Click here</a>";
            }
        }
    }
?>
php mysql pgadmin change-password phppgadmin
1个回答
0
投票

你的if语句在寻找true,而它应该检查false。

if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){

你的代码应该如下。

<?php
$dbconn = pg_connect("host=localhost port=5432 dbname=progetto user=postgres password=password")
or die('Could not connect:' . pg_last_error());
if(!(isset($_POST['changeButton']))){
    header("Location: utente.php");
}else{
    $email = $_COOKIE["cookieEmail"];
    $oldPassword = sha1($_POST['oldpassword']);
    $q1="select * from utente where email = $1 and password = $2";
    $result=pg_query_params($dbconn,$q1,array($email, $oldPassword));
    if(!pg_fetch_array($result ,null ,PGSQL_ASSOC)){
        echo "<h1>Old password wrong</h1>
        <a href=formCambiaPassword.php>Click here</a>";
    }else{
        $newPassword = sha1($_POST['newpassword']);
        $q2 = "update utente set password=$1 where email=$2";
        $result=pg_query_params($dbconn, $q2, array($newPassword, $email));
        if($result==true){
            $q3="select * from utente where email = $1 and password = $2";
            $result=pg_query_params($dbconn,$q3,array($email, $newPassword));
            if($line=pg_fetch_array($result ,null ,PGSQL_ASSOC)){
                echo "<h1>Error</h1>
                <a href=formCambiaPassword.php>Click here</a>";
            }else{
                header("Location: utente.php");
            }
        }else{
            echo "<h1>Error 2</h1>
                    <a href=formCambiaPassword.php>Click here</a>";
        }
    }
}
?>
最新问题
© www.soinside.com 2019 - 2024. All rights reserved.