我在开发登录系统时遇到了一个问题。我构建了一个处理多个用户登录的类。我还为admin用户创建了一个管理区域。他将能够添加新用户、更改密码、删除用户等。
现在我设法使添加新用户和更改密码部分。我现在遇到的问题是关于更改密码部分。
我有一个这样结构的表:
TABLE user
id int(11) AUTO INCREMENT
admin int(11) DEFAULT 0
username varchar(256)
password varchar(256)
表中的admin定义了用户的类型,0表示普通用户,1表示可以执行上面描述的操作的admin用户。
我有以下功能来修改用户密码:
public function changeUserPassword($cusrn,$oldPass,$newPass,$newPassConfirm) {
if(strlen($newPass) < 4) {
$error = true;
$message['error'] = true;
$message['message'] = "The Password is to short";
return json_encode($message);
}
elseif($newPass != $newPassConfirm) {
$error = true;
$message['error'] = true;
$message['message'] = "Confirmed Password doesn't match";
return json_encode($message);
}
elseif(!(ALLOW_SPECIAL_CHARACTERS == true) && preg_match('/[''^£$%&*()}{@#~?><>,|=_+¬-]/', $newPass)) {
$error = true;
$message['error'] = true;
$message['message'] = "Special characters are not allowed";
return json_encode($message);
}
elseif(!(ALLOW_NUMBERS == true) && preg_match('#'d#',$newPass)) {
$error = true;
$message['error'] = true;
$message['message'] = "Numbers are not allowed";
return json_encode($message);
}
elseif(!isset($error)) {
$oldPass = hash_hmac('sha512',$oldPass,$this -> salt($cusrn,$oldPass));
$newPass = hash_hmac('sha512',$newPass,$this -> salt($cusrn,$newPass));
$sql = 'SELECT username,password FROM user WHERE username = ? AND password = ?';
if($stmt = $this->conn->prepare($sql)) {
$stmt->bind_param('ss',$cusrn,$newPass);
$stmt->execute();
$stmt->bind_result($usrn,$passw);
if($stmt->fetch()) {
if( $cusrn == $usrn ) {
if(!(strcmp($oldPass,$passw) == false)) {
$error = true;
$message['error'] = true;
$message['message'] = "The current Password is incorrect";
return json_encode($message);
}
elseif (!(strcmp($oldPass,$newPass) == false)) {
$stmt->close();
$sql = "UPDATE user SET password = ? WHERE username = '$usrn' LIMIT 1";
if($stmt = $this->conn->prepare($sql)) {
$stmt->bind_param('s',$newPass);
$stmt->execute();
$stmt->close();
$error = false;
$message['error'] = false;
$message['message'] = "Password successfuly changed";
return json_encode($message);
}
else {
$error = true;
$message['error'] = true;
$message['message'] = "Cannot connect to database for updating";
return json_encode($message);
}
}
else {
$error = true;
$message['error'] = true;
$message['message'] = "New Password must not match the old one";
return json_encode($message);
}
}
else {
$error = true;
$message['error'] = true;
$message['message'] = "The current Username is incorrect";
return json_encode($message);
}
}
else {
$error = true;
$message['error'] = true;
$message['message'] = "Cannot fetch data from the database";
return json_encode($message);
}
}
else {
$error = true;
$message['error'] = true;
$message['message'] = "Cannot prepare database connection";
return json_encode($message);
}
}
else {
$error = true;
$message['error'] = true;
$message['message'] = "Check the PHP syntax | Something went wrong";
return json_encode($message);
}
}
我遇到的问题是,如果我试图输入某个用户名它要么给我这个:
"Cannot fetch data from the database"
或者它一直告诉我:
"The current Username is incorrect"
,即使用户名是正确的。虽然它适用于它存在于表中的最后一行,但我的意思是它适用于放在表中最后一行的用户名。
我确定我做错了什么,我问你我做错了什么
您的代码很难阅读,但是我可以看到一个错误是您选择用户的地方:
$sql = 'SELECT username,password FROM user WHERE username = ? AND password = ?';
if($stmt = $this->conn->prepare($sql)) {
$stmt->bind_param('ss',$cusrn,$newPass);
您正在使用新密码来选择用户,而不是更改它,因此将失败/您将找不到用户。
顺便说一下,如果您希望您的admin能够更改不同用户的密码,您需要将admin用户排除在某些密码比较功能之外。
例如(假设您在会话中设置了admin用户):
if(!(strcmp($oldPass,$passw) == false) || $_SESSION['admin_user']) {