Question

因为即时通讯在这里新用PHP并且不太了解，我的问题是我检查我的代码上的每个语法仍然我得到此错误“密码不匹配”即使数据库中的旧密码与我的旧密码匹配领域..希望你能帮助我，对不起我的坏格式我仍然是新手..

这是我的代码。

<?php


$submit = strip_tags($_POST['submit']); 

$username = strtolower(strip_tags($_POST['username']));


$oldpassword = strip_tags($_POST['oldpassword']);

$newpassword = strip_tags($_POST['newpassword']);

$firstname = strip_tags($_POST['first']);

$lastname = strip_tags($_POST['last']);

$gender = strip_tags($_POST['gender']);

$address = strip_tags($_POST['address']);

$zipcode = strip_tags($_POST['zip']);

$contact = strip_tags($_POST['con']);

$email = strip_tags($_POST['mail']);

error_reporting(0);



if($submit)
{

if($username&& $oldpassword && $newpassword && $firstname && $lastname && $address && $zipcode && $contact && $email)
{

$connect = mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("brightlights") or die(mysql_error());

$updatecheck = mysql_query("SELECT * FROM tb_user WHERE username='$username'");
$count = mysql_num_rows($updatecheck);
if($count<=1)
{

if($password==($oldpassword))
{

mysql_query("UPDATE tb_user SET
                username = '$username',
                password = '$newpassword',
                Firstname = '$firstname',
                Lastname = '$lastname',
                gender = '$gender',
                address = '$address',
                zipcode = '$zipcode',
                contact = '$contact',
                email = '$email'
                WHERE username='".$_SESSION['username']."'");
                $_SESSION['username'] = $username;
                $_SESSION['password'] = $newpassword;
                $_SESSION['Firstname'] = $firstname;
                $_SESSION['Lastname'] = $lastname;
                $_SESSION['gender'] = $gender;
                $_SESSION['address'] = $address;
                $_SESSION['zipcode'] = $zipcode;
                $_SESSION['contact'] = $contact;
                $_SESSION['email'] = $email;
                session_write_close();
                echo "Succesfully Updated!";

            }else
                echo "Password not match!";
        }else
            echo "Username already Taken!";
    }else
        echo "Please fill up all form!";



}           
?>

Answer 1

不是通过请求检索旧密码，而是从数据库中检索它。

$query = mysql_query("SELECT password FROM tb_user WHERE username='$username' LIMIT 1");
$count = mysql_num_rows($query);

if($count==1)
{
  $result = mysql_fetch_assoc($query);
  if($newpassword==$result["password"])
  {
......

作为旁注。持久/比较密码时始终使用哈希密码。本文介绍了其中的大部分内容：

http://phpsec.org/articles/2005/password-hashing.html

Answer 2

只需打印密码和oldpassword，然后检查内容：

print($password);
print($oldpassword);

if($password==($oldpassword))

为什么要封装旧密码？

Answer 3

使用

if($newpassword==$oldpassword)

的实例

if($password==($oldpassword))

我认为您的问题将得到解决。并尝试从数据库中获取oldpass。

PHP更新用户 - 错误“密码不匹配”

3 个答案: