HTML PHP MYSQL修改密码 - HTML PHP MYSQL Change Password

嗨，我有这个http://kramansronet.comze.com/

当您在页面的成员部分我如何添加一个更改密码字段?

这是我的会员登录页面

  <?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
<div id="main">
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
     ?>
    <h1>Member Area</h1>
     <p>Thanks for logging in! Your username is <b><?=$_SESSION['Username']?></b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p><br>
     <h3>Account Tools:</h3>
     Username: <?=$_SESSION['Username']?><br>
     Password: <?=$_SESSION['password']?><br>
     Email: <?=$_SESSION['EmailAddress']?><br>
     Account Type: <?=$_SESSION['accounttype']?><br>

    <ul>
        <li><a href="logout.php">Logout.</a></li>
    </ul>
    <?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
     $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));
     $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
    if(mysql_num_rows($checklogin) == 1)
    {
         $row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];
        $accounttype = $row['accounttype'];
        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['accounttype'] = $accounttype;
        $_SESSION['LoggedIn'] = 1;
         echo "<h1>Success</h1>";
        echo "<p>Please Refresh your browser to go to memeber page.</p>";
        echo "<meta http-equiv='refresh' content='=2;index.php' />";
    }
    else
    {
         echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href='"index.php'">click here to try again</a>.</p>";
    }
}
else
{
    ?>
   <h1>Member Login</h1>
   <p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>
    <form method="post" action="index.php" name="loginform" id="loginform">
    <fieldset>
        <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
        <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
        <input type="submit" name="login" id="login" value="Login" />
    </fieldset>
    </form>
   <?php
}
?>
</div>
</body>
</html>

该页面应要求用户输入其当前密码(作为安全预防措施)和两个进一步的输入字段，以再次输入新密码，作为预防措施。

这是在HTML中使用input字段和password类型在form中完成的。

然后，在PHP中，检查给定的密码是否属于当前登录的用户(来自会话)。如果是这种情况，并且两个新密码都匹配，也就是说，用户没有键入任何一个密码，则使用SQL UPDATE语句更新数据库。

通常在处理密码时，应该使用适当的散列。

你一定做了一个注册表。因此，合并更改密码应该非常简单。在成员设置页面(或其他)简单地给出3个输入字段。他们就是施所说的。也应该有一个提交按钮。表单应该有类似" changpassword。php"的动作发布所有3个字段。查询数据库的当前密码，如果它匹配，只需

UPDATE users SET password = '$newpass' WHERE username = '$username'