我想我需要一个眼光更好的人来帮助我发现错误。我正在尝试在不刷新页面的情况下更改当前密码。我收到错误消息"错误,请再试一次!"。到目前为止,这是我的代码。
HTML
<form name="resetform" action="changepass.php" id="resetform" class="passform" method="post" role="form">
<h3>Change Your Password</h3>
<br />
<input type="hidden" name="username" value="<?php echo $sname;?>" ></input>
<label>Enter Old Password</label>
<input type="password" class="form-control" name="old_password" id="old_password">
<label>Enter New Password</label>
<input type="password" class="form-control" name="new_password" id="new_password">
<label>Confirm New Password</label>
<input type="password" class="form-control" name="con_newpassword" id="con_newpassword" />
<br>
<input type="submit" class="btn btn-warning" name="password_change" id="submit_btn" value="Change Password" />
</form>
PHP
<?php
include_once 'database-config.php';
if (isset($_POST['password_change'])) {
$username = strip_tags($_POST['sname']);
$password = strip_tags($_POST['old_password']);
$newpassword = strip_tags($_POST['new_password']);
$confirmnewpassword = strip_tags($_POST['con_newpassword']);
// match username with the username in the database
$sql = "SELECT * FROM users WHERE username='$sname'";
$query = $dbh->prepare($sql);
$query->execute();
$row = $query->fetchAll();
$hash = $row[0]["password"];
//$hash = $results[0]["password"];
if ($password == $hash){
if($newpassword == $confirmnewpassword) {
$sql = "UPDATE users SET password = '$newpassword' WHERE username = '$username'";
$query = $dbh->prepare($sql);
$query->execute();
echo "Password Changed Successfully!";
} else echo "Passwords do not match!";
}
} else echo "Please type your current password accurately!";
}
?>
Jquery
<script type="text/javascript">
$(document).ready(function() {
var frm = $('#resetform');
frm.submit(function(e){
$.ajax({
type: frm.attr('method'),
url: frm.attr('action'),
data: frm.serialize(),
success: function(data){
$('#success').html("<div id='message'></div>");
$('#message').html("<h2>Password changed successfully!</h2>")
.delay(3000).fadeOut(3000);
},
error: function(data) {
$('#error').html("<div id='errorMessage'></div>");
$('#errorMessage').html("<h3>Error, please try again!</h3>")
.delay(2000).fadeOut(2000);
}
});
e.preventDefault();
});
});
</script>
如果有任何更正,我将不胜感激:-)
您的代码有几个问题,例如:
-
请参阅此处的声明,
if (isset($_POST['password_change'])) { ...
这里没有设置
$_POST['password_change']
,因为jQuery的serialize()
不包括编码按钮或提交输入,所以您必须将提交按钮的名称和值附加到结果中,如下所示:var formData = frm.serialize(); formData += '&' + $('#submit_btn').attr('name') + '=' + $('#submit_btn').attr('value');
-
变量
$username
由于该语句而未设置,$username = strip_tags($_POST['sname']);
应该是
$username = strip_tags($_POST['username']);
-
在另一个元素中创建一个元素来显示成功/错误消息是没有意义的,而且无论查询结果如何,消息都是相同的。另外,您没有使用服务器的响应
data
。请参阅AJAX请求中的以下回调函数,success: function(data){ $('#success').html("<div id='message'></div>"); $('#message').html("<h2>Password changed successfully!</h2>") .delay(3000).fadeOut(3000); }, error: function(data) { $('#error').html("<div id='errorMessage'></div>"); $('#errorMessage').html("<h3>Error, please try again!</h3>") .delay(2000).fadeOut(2000); }
相反,制作一个
div
元素,如下所示:<div id="message"></div>
并在回调函数中显示成功/错误消息,如下所示:
success: function(data){ $('#message').html(data).delay(3000).fadeOut(3000); }, error: function(jqXHR, textStatus, errorThrown) { $('#message').html(textStatus).delay(2000).fadeOut(2000); }
-
PHP代码中很少有
Parse error: syntax error, unexpected '}' in ...
的语法错误。 -
始终准备、绑定和执行查询,以防止任何类型的SQL注入。这就是如何防止PHP中的SQL注入。
-
永远不要将密码存储为纯可读文本,在将原始密码插入表之前,始终对其执行盐水密码哈希。
所以你的代码应该是这样的:
HTML:
<form name="resetform" action="changepass.php" id="resetform" class="passform" method="post" role="form">
<h3>Change Your Password</h3>
<br />
<input type="hidden" name="username" value="<?php echo $sname; ?>" ></input>
<label>Enter Old Password</label>
<input type="password" class="form-control" name="old_password" id="old_password">
<label>Enter New Password</label>
<input type="password" class="form-control" name="new_password" id="new_password">
<label>Confirm New Password</label>
<input type="password" class="form-control" name="con_newpassword" id="con_newpassword" />
<br>
<input type="submit" class="btn btn-warning" name="password_change" id="submit_btn" value="Change Password" />
</form>
<!--display success/error message-->
<div id="message"></div>
jQuery:
$(document).ready(function() {
var frm = $('#resetform');
frm.submit(function(e){
e.preventDefault();
var formData = frm.serialize();
formData += '&' + $('#submit_btn').attr('name') + '=' + $('#submit_btn').attr('value');
$.ajax({
type: frm.attr('method'),
url: frm.attr('action'),
data: formData,
success: function(data){
$('#message').html(data).delay(3000).fadeOut(3000);
},
error: function(jqXHR, textStatus, errorThrown) {
$('#message').html(textStatus).delay(2000).fadeOut(2000);
}
});
});
});
PHP:
<?php
include_once 'database-config.php';
if (isset($_POST['password_change'])) {
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['old_password']);
$newpassword = strip_tags($_POST['new_password']);
$confirmnewpassword = strip_tags($_POST['con_newpassword']);
// match username with the username in the database
$sql = "SELECT * FROM `users` WHERE `username` = ? LIMIT 1";
$query = $dbh->prepare($sql);
$query->bindParam(1, $username, PDO::PARAM_STR);
if($query->execute() && $query->rowCount()){
$hash = $query->fetch();
if ($password == $hash['password']){
if($newpassword == $confirmnewpassword) {
$sql = "UPDATE `users` SET `password` = ? WHERE `username` = ?";
$query = $dbh->prepare($sql);
$query->bindParam(1, $newpassword, PDO::PARAM_STR);
$query->bindParam(2, $username, PDO::PARAM_STR);
if($query->execute()){
echo "Password Changed Successfully!";
}else{
echo "Password could not be updated";
}
} else {
echo "Passwords do not match!";
}
}else{
echo "Please type your current password accurately!";
}
}else{
echo "Incorrect username";
}
}
?>
此处更改
$username = strip_tags($_POST['username']);//not sname
您的表单没有提交,因为jQuery的.serialize()
不包括input type=submit
中的值,因此PHP的if (isset($_POST['password_change'])) {
失败。
看看这个:jQuery serializeArray没有';t包括点击的提交按钮
我也会在你的AJAX中包含更好的错误处理。试试这样的东西:
$.ajax({
type: "post",
url: "",
success: function (data) {
//...
},
error: function (request, status, error) {
console.log(request);
console.log(status);
console.log(error);
}
});