わかりましたので、パスワード変更スクリプトを作成しようとしていますが、エラーが発生します。どこが間違っているのでしょうか? これは私のフォームドキュメントです:
<?php
include_once('php_includes/check_login_status.php');
include_once('php_includes/db_conx.php');
if(isset($_SESSION["username"])){
echo "";
}
else {
header("location:login.php");
}
?>
<html>
<head>
<title>Password Change</title>
</head>
<body>
<div id="form">
<form method="POST" id="form1" action="password_system.php">
<p>Current password: <input type="password" id="curpass" /> </p>
<p>New password: <input type="password" id="newpass" /> </p>
<p>Confirm new password: <input type="password" id="conpass" /> </p>
<input type="submit" value="Submit">
</form></div>
</body>
</html>
これは更新された password_system.php (アクション スクリプト) です。
<?php
include_once('php_includes/check_login_status.php');
include_once('php_includes/db_conx.php');
if(isset($_SESSION["username"])){
echo "";
}
else {
header("location:login.php");
}
$sql = "SELECT password FROM users WHERE username='$log_username'";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
while ($row = $query->fetch_assoc()) {
$dbpass = $row['password'];
}
$query->free();
$curpass = md5($_POST['curpass']);
$newpass = $_POST['newpass'];
$conpass = $_POST['conpass'];
if ($newpass != $conpass) {
echo "Your passwords don't match!";
exit();
} else {
echo "Ohkay";
$newpas = true;
$newpassmd5ed = md5($newpass);
}
if ($curpass != $dbpass) {
echo "Your current password is incorrent!";
exit();
} else {
echo "Okay";
$curok = true;
}
if ($curok and $newpas == true) {
$sql = "UPDATE users
SET password = '$newpassmd5ed'
WHERE username= '$log_username'";
$query = mysqli_query($db_conx, $sql);
}
?>
私は今これを取得します:
オーケーあなたの現在のパスワードは間違っています!
check_login_status.php
<?php
session_start();
include_once("db_conx.php");
// Files that inculde this file at the very top would NOT require
// connection to database or session_start(), be careful.
// Initialize some vars
$user_ok = false;
$log_id = "";
$log_username = "";
$log_password = "";
// User Verify function
function evalLoggedUser($conx,$id,$u,$p){
$sql = "SELECT ip FROM users WHERE id='$id' AND username='$u' AND password='$p' AND activated='1' LIMIT 1";
$query = mysqli_query($conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows > 0){
return true;
}
}
if(isset($_SESSION["userid"]) && isset($_SESSION["username"]) && isset($_SESSION["password"])) {
$log_id = preg_replace('#[^0-9]#', '', $_SESSION['userid']);
$log_username = preg_replace('#[^a-z0-9]#i', '', $_SESSION['username']);
$log_password = preg_replace('#[^a-z0-9]#i', '', $_SESSION['password']);
// Verify the user
$user_ok = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);
} else if(isset($_COOKIE["id"]) && isset($_COOKIE["user"]) && isset($_COOKIE["pass"])){
$_SESSION['userid'] = preg_replace('#[^0-9]#', '', $_COOKIE['id']);
$_SESSION['username'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['user']);
$_SESSION['password'] = preg_replace('#[^a-z0-9]#i', '', $_COOKIE['pass']);
$log_id = $_SESSION['userid'];
$log_username = $_SESSION['username'];
$log_password = $_SESSION['password'];
// Verify the user
$user_ok = evalLoggedUser($db_conx,$log_id,$log_username,$log_password);
if($user_ok == true){
// Update their lastlogin datetime field
$sql = "UPDATE users SET lastlogin=now() WHERE id='$log_id' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
}
}
?>