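First things first. I know bcrypt is a better choice, and I do have a version of the code that uses bcrypt; it's just that GoDaddy doesn't support bcrypt. So for now I have to stick with this version.
So I want a form that updates/changes the user's password. Of course, it isn't updating.
The code is split into the form: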
<?php
if(empty($_POST) === false) {
    if(empty($_POST['current_password']) || empty($_POST['password']) || empty($_POST['password_again'])){
        $errors[] = 'All fields are required';
    }else if($bcrypt->verify($_POST['current_password'], $user['password']) === true) {
        if (trim($_POST['password']) != trim($_POST['password_again'])) {
            $errors[] = 'Your new passwords do not match';
        } else if (strlen($_POST['password']) < 6) {
            $errors[] = 'Your password must be at least 6 characters';
        } else if (strlen($_POST['password']) >18){
            $errors[] = 'Your password cannot be more than 18 characters long';
        }
    } else {
        $errors[] = 'Your current password is incorrect';
    }
}
if (isset($_GET['success']) === true && empty ($_GET['success']) === true ) {
    echo '<p>Your password has been changed!</p>';
} else {?>
<h1>Change Password</h1>
<fieldset>
    <legend>Log In</legend>
    <?php
    if (empty($_POST) === false && empty($errors) === true) {
        $users->change_password($user['id'], $_POST['password']);
        header('Location: change-password.php?success');
    } else if (empty ($errors) === false) {
        echo '<p>' . implode('</p><p>', $errors) . '</p>';
    }
    ?>
    <form action="" method="post">
        <table border="0">
            <tr>
                <td width="200">
                    Current password:
                </td>
                <td>
                    <input type="password" name="current_password">
                </td>
            </tr>
            <tr>
                <td>
                    New password:
                </td>
                <td>
                    <input type="password" name="password">
                </td>
            </tr>
            <tr>
                <td>
                    New password again:
                </td>
                <td>
                    <input type="password" name="password_again">
                </td>
            </tr>
        </table>
        <br>
        <input type="submit" value="Change password">
    </form>
    <?php
}
?>
</fieldset>
and the PHP code:
public function change_password($user_id, $password) {
    //global $bcrypt;
    /* To create a hash you do */
    $timeNew = time();
    $email_codeNew = hash("sha256", $username + microtime());
    $password_hash = hash("sha256", $password);
    $query = $this->db->prepare("UPDATE `users` SET `password` = ?, `email_code` = ?, `time` = ? WHERE `id` = ?");
    $query->bindValue(1, $password_hash);
    $query->bindValue(2, $email_codeNew);
    $query->bindValue(3, $timeNew);
    $query->bindValue(4, $user_id);
    try{
        $query->execute();
        return true;
    } catch(PDOException $e){
        die($e->getMessage());
    }
}
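Answer 0 (score: 0)
I have mocked up a PHP page that does this. It is also tested and working. I think it might be because of the way you use === a lot in your functions; I'm not sure what those functions return because they aren't shown here, but hopefully if you run the code below you can add to it and adapt your code.
Edit: in this test the current password is always just "password", and the change-password function will always pass.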
<?php
/**
 * @author - Sephedo
 * @for - patgarci @ Stackoverflow
 * @question - http://stackoverflow.com/questions/18728434/updating-the-password-in-the-database
 */

// Mock: the current password is always 'password'.
function verifyPassword( $password )
{
    return ( $password == 'password' )? true : false;
}

// Mock: changing the password always succeeds.
function changePassword( $password )
{
    return true;
}

if(! empty( $_POST ) )
{
    // check if all of the fields exist and are not empty
    if( empty( $_POST['current_password'] ) or empty( $_POST['password_new'] ) or empty( $_POST['password_again'] ) )
    {
        $errors[] = "All fields are required";
    }
    elseif( verifyPassword( $_POST['current_password'] ) ) // check if the password is valid.
    {
        $_POST['password_new'] = trim( $_POST['password_new'] );
        $_POST['password_again'] = trim( $_POST['password_again'] );

        // check for matching password
        if( $_POST['password_new'] != $_POST['password_again'] ) $errors[] = "Your passwords do not match";

        // check for min limit
        if( strlen( $_POST['password_new'] ) < 6 ) $errors[] = "Your new password needs to be at least 6 characters";

        // check for max limit
        if( strlen( $_POST['password_new'] ) > 18 ) $errors[] = "Your new password needs to be no more than 18 characters";

        // Make sure no errors have occurred and change password returns true
        if(! isset( $errors ) and ! changePassword( $_POST['password_new'] ) )
        {
            $errors[] = "An unknown error has occurred, please try again";
        }
    }
    else
    {
        $errors[] = "Your current password is invalid";
    }

    // DISPLAY ERRORS
    if(! isset( $errors ) )
    {
        echo "<span>Your password has been changed!</span>";
    }
    else
    {
        foreach( (array) $errors as $error )
        {
            echo "<span>$error</span><br />";
        }
    }
}
?>
<form method="POST" >
    <fieldset>
        <legend>Change Password</legend>
        <label for="current_password">Current Password</label> <input type="password" name="current_password" id="current_password" />
        <label for="password_new">New Password</label> <input type="password" name="password_new" id="password_new" />
        <label for="password_again">New Password Again</label> <input type="password" name="password_again" id="password_again" />
        <input type="submit" value="Save Changes" />
    </fieldset>
</form>
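
The question's form checks the current password with `$bcrypt->verify()` while `change_password()` stores a plain SHA-256 digest, so the check and the stored value use different schemes. The added example below (not code from the question or the answer) routes both through one pair of functions and upgrades legacy rows to a salted hash on change. It assumes PHP 7 or later with pdo_sqlite; the table layout, function names and sample data are constructed.

```php
<?php
// Added example: table layout, function names and sample data are constructed.

function verifyStored(string $password, string $stored): bool
{
    // Legacy rows are assumed to hold an unsalted SHA-256 hex digest (64 hex chars).
    if (preg_match('/^[0-9a-f]{64}$/', $stored)) {
        return hash_equals($stored, hash('sha256', $password)); // constant-time compare
    }
    return password_verify($password, $stored);
}

function changePassword(PDO $db, int $userId, string $current, string $new, string $again): array
{
    $stmt = $db->prepare('SELECT password FROM users WHERE id = ?');
    $stmt->execute([$userId]);
    $stored = $stmt->fetchColumn();

    if ($stored === false || !verifyStored($current, $stored)) {
        return ['Your current password is incorrect'];
    }
    if ($new !== $again) {
        return ['Your new passwords do not match'];
    }
    if (strlen($new) < 6) {
        return ['Your password must be at least 6 characters'];
    }
    // Salted, slow hash; verifyStored() accepts it on the next check.
    $update = $db->prepare('UPDATE users SET password = ? WHERE id = ?');
    $update->execute([password_hash($new, PASSWORD_DEFAULT), $userId]);
    // Report a failed write instead of assuming success.
    return $update->rowCount() === 1 ? [] : ['Password was not updated'];
}

// Constructed demo data: in-memory SQLite with one legacy SHA-256 row.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO users VALUES (1, ?)')->execute([hash('sha256', 'old-secret')]);

var_dump(changePassword($db, 1, 'wrong-guess', 'new-secret-1', 'new-secret-1'));
var_dump(changePassword($db, 1, 'old-secret', 'new-secret-1', 'new-secret-1'));
var_dump(changePassword($db, 1, 'new-secret-1', 'newer-secret', 'newer-secret'));
```

The function returns an empty array on success, so the caller can redirect with `header()` before any HTML is sent.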