最受欢迎

使用PHP、Ajax和Jquery更改密码

change password using PHP, Ajax and Jquery

本文关键字:密码 Jquery PHP Ajax 使用 | 更新日期: 2023-09-27

我想我需要一个眼光更好的人来帮助我发现错误。我正在尝试在不刷新页面的情况下更改当前密码。我收到错误消息"错误,请再试一次!"。到目前为止,这是我的代码。

HTML

<form name="resetform" action="changepass.php" id="resetform" class="passform" method="post" role="form">
  <h3>Change Your Password</h3>
  <br />
  <input type="hidden" name="username" value="<?php echo $sname;?>" ></input>
  <label>Enter Old Password</label>
  <input type="password" class="form-control" name="old_password" id="old_password">
  <label>Enter New Password</label>
  <input type="password" class="form-control" name="new_password" id="new_password">
  <label>Confirm New Password</label>
  <input type="password" class="form-control"  name="con_newpassword"  id="con_newpassword" />
 <br>
 <input type="submit" class="btn btn-warning" name="password_change" id="submit_btn" value="Change Password" />
</form>

PHP

<?php
include_once 'database-config.php';
if (isset($_POST['password_change'])) {
    $username = strip_tags($_POST['sname']);
    $password = strip_tags($_POST['old_password']);
    $newpassword = strip_tags($_POST['new_password']);
    $confirmnewpassword = strip_tags($_POST['con_newpassword']);
// match username with the username in the database
    $sql = "SELECT * FROM users WHERE username='$sname'";
    $query = $dbh->prepare($sql);
    $query->execute();
    $row = $query->fetchAll();
    $hash = $row[0]["password"];
    //$hash = $results[0]["password"];
        if ($password == $hash){
            if($newpassword == $confirmnewpassword) {
            $sql = "UPDATE users SET password = '$newpassword' WHERE    username  = '$username'";
            $query = $dbh->prepare($sql);
            $query->execute();
            echo "Password Changed Successfully!";
        } else echo "Passwords do not match!";
        }
    } else echo "Please type your current password accurately!";
}
?>

Jquery

<script type="text/javascript">
$(document).ready(function() {
        var frm = $('#resetform');
        frm.submit(function(e){
            $.ajax({
                type: frm.attr('method'),
                url: frm.attr('action'),
                data: frm.serialize(),
                success: function(data){
                    $('#success').html("<div id='message'></div>");
                    $('#message').html("<h2>Password changed successfully!</h2>")
                    .delay(3000).fadeOut(3000);
                },
                error: function(data) {
                    $('#error').html("<div id='errorMessage'></div>");
                    $('#errorMessage').html("<h3>Error, please try again!</h3>")
                    .delay(2000).fadeOut(2000);
                }
            });
            e.preventDefault();
        });
    });
</script>

如果有任何更正,我将不胜感激:-)

您的代码有几个问题,例如:

  • 请参阅此处的声明,

    if (isset($_POST['password_change'])) { ...

    这里没有设置$_POST['password_change'],因为jQuery的serialize()不包括编码按钮或提交输入,所以您必须将提交按钮的名称和值附加到结果中,如下所示:

    var formData = frm.serialize();
formData += '&' + $('#submit_btn').attr('name') + '=' + $('#submit_btn').attr('value');

  • 变量$username由于该语句而未设置,

    $username = strip_tags($_POST['sname']);

    应该是

    $username = strip_tags($_POST['username']);

  • 在另一个元素中创建一个元素来显示成功/错误消息是没有意义的,而且无论查询结果如何,消息都是相同的。另外,您没有使用服务器的响应data。请参阅AJAX请求中的以下回调函数,

    success: function(data){
    $('#success').html("<div id='message'></div>");
    $('#message').html("<h2>Password changed successfully!</h2>")
    .delay(3000).fadeOut(3000);
},
error: function(data) {
    $('#error').html("<div id='errorMessage'></div>");
    $('#errorMessage').html("<h3>Error, please try again!</h3>")
    .delay(2000).fadeOut(2000);
}

    相反,制作一个div元素,如下所示:

    <div id="message"></div>

    并在回调函数中显示成功/错误消息,如下所示:

    success: function(data){
    $('#message').html(data).delay(3000).fadeOut(3000);
},
error: function(jqXHR, textStatus, errorThrown) {
    $('#message').html(textStatus).delay(2000).fadeOut(2000);
}

  • PHP代码中很少有Parse error: syntax error, unexpected '}' in ...的语法错误。

  • 始终准备绑定执行查询,以防止任何类型的SQL注入。这就是如何防止PHP中的SQL注入。

  • 永远不要将密码存储为纯可读文本,在将原始密码插入表之前,始终对其执行盐水密码哈希。

所以你的代码应该是这样的:

HTML:

<form name="resetform" action="changepass.php" id="resetform" class="passform" method="post" role="form">
    <h3>Change Your Password</h3>
    <br />
    <input type="hidden" name="username" value="<?php echo $sname; ?>" ></input>
    <label>Enter Old Password</label>
    <input type="password" class="form-control" name="old_password" id="old_password">
    <label>Enter New Password</label>
    <input type="password" class="form-control" name="new_password" id="new_password">
    <label>Confirm New Password</label>
    <input type="password" class="form-control"  name="con_newpassword"  id="con_newpassword" />
    <br>
    <input type="submit" class="btn btn-warning" name="password_change" id="submit_btn" value="Change Password" />
</form>
<!--display success/error message-->
<div id="message"></div>

jQuery:

$(document).ready(function() {
    var frm = $('#resetform');
    frm.submit(function(e){
        e.preventDefault();
        var formData = frm.serialize();
        formData += '&' + $('#submit_btn').attr('name') + '=' + $('#submit_btn').attr('value');
        $.ajax({
            type: frm.attr('method'),
            url: frm.attr('action'),
            data: formData,
            success: function(data){
                $('#message').html(data).delay(3000).fadeOut(3000);
            },
            error: function(jqXHR, textStatus, errorThrown) {
                $('#message').html(textStatus).delay(2000).fadeOut(2000);
            }
        });
    });
});

PHP:

<?php
    include_once 'database-config.php';
    if (isset($_POST['password_change'])) {
        $username = strip_tags($_POST['username']);
        $password = strip_tags($_POST['old_password']);
        $newpassword = strip_tags($_POST['new_password']);
        $confirmnewpassword = strip_tags($_POST['con_newpassword']);
        // match username with the username in the database
        $sql = "SELECT * FROM `users` WHERE `username` = ? LIMIT 1";
        $query = $dbh->prepare($sql);
        $query->bindParam(1, $username, PDO::PARAM_STR);
        if($query->execute() && $query->rowCount()){
            $hash = $query->fetch();
            if ($password == $hash['password']){
                if($newpassword == $confirmnewpassword) {
                    $sql = "UPDATE `users` SET `password` = ? WHERE `username` = ?";
                    $query = $dbh->prepare($sql);
                    $query->bindParam(1, $newpassword, PDO::PARAM_STR);
                    $query->bindParam(2, $username, PDO::PARAM_STR);
                    if($query->execute()){
                        echo "Password Changed Successfully!";
                    }else{
                        echo "Password could not be updated";
                    }
                } else {
                    echo "Passwords do not match!";
                }
            }else{
                echo "Please type your current password accurately!";
            }
        }else{
            echo "Incorrect username";
        }
    }
?>

此处更改

$username = strip_tags($_POST['username']);//not sname

您的表单没有提交,因为jQuery的.serialize()不包括input type=submit中的值,因此PHP的if (isset($_POST['password_change'])) {失败。

看看这个:jQuery serializeArray没有';t包括点击的提交按钮

我也会在你的AJAX中包含更好的错误处理。试试这样的东西:

$.ajax({
    type: "post", 
    url: "",
    success: function (data) {
        //...
    },
    error: function (request, status, error) {
        console.log(request);
        console.log(status);
        console.log(error);
    }
});
相关文章:
最新更新
www.56WenDa.com 2012-2023 | php问答网 | php学习