我创建了一个PHP脚本,允许用户在我的网站上更改他们的密码一旦注册,但我得到一个错误,当我试图在网站上打开它。我相信这是由于我的语法错误,但我似乎无法发现它。谁能帮我看看有什么发现吗?脚本如下:
<?php
session_start();
$user = $_SESSION['username'];
if ($user)
{
//user is logged in
if ($_POST['submit'])
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('connection.php');
$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else
die("Old password doesn't match!");
}
else
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
else
die ("You must be logged in to change your password");
}
?>
我得到的错误如下:
注意:未定义的索引:提交在/var/www/localhost/htdocs/changeppassword .php第11行修改密码必须先登录。
提前感谢您的帮助。
首先你应该注意到mysql已被弃用,使用mysqli或PDO代替更多信息或像NullPointer已经指向更多好的信息:)
像这样更改代码的结尾,以获得您想要的失败的正确结果:
}else
die ("Nothing came from the $_POST variable");
}else
die ("You must be logged in to change your password");
你得到的错误可能是因为你的$_POST变量没有设置,使用isset()检查是否设置了$_POST。
if (isset($_POST['submit']))
{
//submit post was set
}else
{
//submit post wasn´t set
}
如果你仍然没有得到任何值,检查你的表单。
更新:要查看实际的表单,必须在表单之前结束isset,代码保持如下:
<?php
session_start();
$user = $_SESSION['username'];
if (isset($_SESSION['username']))
{
//user is logged in
if (isset($_POST['submit']))
{
//start changing password
//check fields
$oldpassword = md5($_POST['oldpassword']);
$newpassword = md5($_POST['newpassword']);
$repeatnewpassword = md5($_POST['repeatnewpassword']);
//check password against db
include('connection.php');
$queryget = mysql_query("SELECT password FROM Users WHERE username='$user'") or die ("change password failed");
$row = mysql_fetch_assoc($queryget);
$oldpassworddb = $row['password'];
//check passwords
if ($oldpassword==$oldpassworddb)
{
//check two new passwords
if ($newpassword==$repeatnewpassword)
{
//successs
//change password in db
$querychange = mysql_query("UPDATE Users SET password='$newpassword' WHERE username='$user'");
session_destroy();
die("Your password has been changed. <a href='homepage.php'> Return</a>");
}
else
die("New password doesn't match!");
}else
die("Old password doesn't match!");
}
else
{
echo"
<form action='changepassword.php' method='POST'>
Old Password: <input type='text' name='oldpassword'><p>
New Password: <input type='password' name='newpassword'><p>
Repeat New Password: <input type='password' name='repeatnewpassword'><p>
<input type='submit' name ='submit' value='submit'>
</form>
";
}
}else
die ("You must be logged in to change your password");
?>
但是在你登录之前你不会看到它。你的第二个问题是,你的$user变量似乎没有任何值。尝试上述代码后,如果它不工作。把这行放在
后面$user = $_SESSION['username'];
echo 'Here it shold show the user: '.$user.'';
如果它不显示你没有正确传递会话值
还有一点,如果你的表单指向同一个页面,这就是它的样子,把你的行改成这样:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "utf-8");?>" method='POST'>
你的html输入表单中有一个额外的空格
<input type='submit' name ='submit' value='submit'>
改为
<input type='submit' name='submit' value='submit'>
你还应该确保
if (isset($_POST['submit']))