我想我需要一个有更好眼光的人来帮助我发现我的错误。我正在尝试更改当前密码而不刷新页面。我收到错误消息“错误,请重试!”。这是我到目前为止的代码。
HTML
<form name="resetform" action="changepass.php" id="resetform" class="passform" method="post" role="form">
<h3>Change Your Password</h3>
<br />
<input type="hidden" name="username" value="<?php echo $sname;?>" ></input>
<label>Enter Old Password</label>
<input type="password" class="form-control" name="old_password" id="old_password">
<label>Enter New Password</label>
<input type="password" class="form-control" name="new_password" id="new_password">
<label>Confirm New Password</label>
<input type="password" class="form-control" name="con_newpassword" id="con_newpassword" />
<br>
<input type="submit" class="btn btn-warning" name="password_change" id="submit_btn" value="Change Password" />
</form>
PHP
<?php
include_once 'database-config.php';
if (isset($_POST['password_change'])) {
$username = strip_tags($_POST['sname']);
$password = strip_tags($_POST['old_password']);
$newpassword = strip_tags($_POST['new_password']);
$confirmnewpassword = strip_tags($_POST['con_newpassword']);
// match username with the username in the database
$sql = "SELECT * FROM users WHERE username='$sname'";
$query = $dbh->prepare($sql);
$query->execute();
$row = $query->fetchAll();
$hash = $row[0]["password"];
//$hash = $results[0]["password"];
if ($password == $hash){
if($newpassword == $confirmnewpassword) {
$sql = "UPDATE users SET password = '$newpassword' WHERE username = '$username'";
$query = $dbh->prepare($sql);
$query->execute();
echo "Password Changed Successfully!";
} else echo "Passwords do not match!";
}
} else echo "Please type your current password accurately!";
}
?>
Jquery
<script type="text/javascript">
$(document).ready(function() {
var frm = $('#resetform');
frm.submit(function(e){
$.ajax({
type: frm.attr('method'),
url: frm.attr('action'),
data: frm.serialize(),
success: function(data){
$('#success').html("<div id='message'></div>");
$('#message').html("<h2>Password changed successfully!</h2>")
.delay(3000).fadeOut(3000);
},
error: function(data) {
$('#error').html("<div id='errorMessage'></div>");
$('#errorMessage').html("<h3>Error, please try again!</h3>")
.delay(2000).fadeOut(2000);
}
});
e.preventDefault();
});
});
</script>
如果有任何更正,我将不胜感激:-)
最佳答案
您的代码存在多个问题,例如:
请参阅此处的声明,
if (isset($_POST['password_change'])) { ...
这里,
$_POST['password_change']
没有设置,因为jQuery的serialize()
不包括编码按钮或提交输入,所以你必须附加名称以及结果的提交按钮的值,如下所示:var formData = frm.serialize(); formData += '&' + $('#submit_btn').attr('name') + '=' + $('#submit_btn').attr('value');
由于此语句,变量
$username
未设置,$username = strip_tags($_POST['sname']);
应该是
$username = strip_tags($_POST['username']);
没有必要在另一个元素内创建一个元素来显示成功/错误消息,而且无论查询结果如何,该消息都是相同的。另外,您没有使用服务器的响应数据。在 AJAX 请求中查看以下回调函数,
success: function(data){ $('#success').html("<div id='message'></div>"); $('#message').html("<h2>Password changed successfully!</h2>") .delay(3000).fadeOut(3000); }, error: function(data) { $('#error').html("<div id='errorMessage'></div>"); $('#errorMessage').html("<h3>Error, please try again!</h3>") .delay(2000).fadeOut(2000); }
相反,创建一个
div
元素,如下所示:<div id="message"></div>
并在回调函数中显示成功/错误消息,如下所示:
success: function(data){ $('#message').html(data).delay(3000).fadeOut(3000); }, error: function(jqXHR, textStatus, errorThrown) { $('#message').html(textStatus).delay(2000).fadeOut(2000); }
您的 PHP 代码中存在一些语法错误,包括
解析错误:语法错误,...中出现意外的“}”
。始终准备、绑定(bind)和执行您的查询,以防止任何类型的 SQL 注入(inject)。 And this is how you can prevent SQL injection in PHP .
切勿将密码存储为纯可读文本,始终执行 salted password hashing在将原始密码插入到表中之前。
所以你的代码应该是这样的:
HTML:
<form name="resetform" action="changepass.php" id="resetform" class="passform" method="post" role="form">
<h3>Change Your Password</h3>
<br />
<input type="hidden" name="username" value="<?php echo $sname; ?>" ></input>
<label>Enter Old Password</label>
<input type="password" class="form-control" name="old_password" id="old_password">
<label>Enter New Password</label>
<input type="password" class="form-control" name="new_password" id="new_password">
<label>Confirm New Password</label>
<input type="password" class="form-control" name="con_newpassword" id="con_newpassword" />
<br>
<input type="submit" class="btn btn-warning" name="password_change" id="submit_btn" value="Change Password" />
</form>
<!--display success/error message-->
<div id="message"></div>
jQuery:
$(document).ready(function() {
var frm = $('#resetform');
frm.submit(function(e){
e.preventDefault();
var formData = frm.serialize();
formData += '&' + $('#submit_btn').attr('name') + '=' + $('#submit_btn').attr('value');
$.ajax({
type: frm.attr('method'),
url: frm.attr('action'),
data: formData,
success: function(data){
$('#message').html(data).delay(3000).fadeOut(3000);
},
error: function(jqXHR, textStatus, errorThrown) {
$('#message').html(textStatus).delay(2000).fadeOut(2000);
}
});
});
});
PHP:
<?php
include_once 'database-config.php';
if (isset($_POST['password_change'])) {
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['old_password']);
$newpassword = strip_tags($_POST['new_password']);
$confirmnewpassword = strip_tags($_POST['con_newpassword']);
// match username with the username in the database
$sql = "SELECT * FROM `users` WHERE `username` = ? LIMIT 1";
$query = $dbh->prepare($sql);
$query->bindParam(1, $username, PDO::PARAM_STR);
if($query->execute() && $query->rowCount()){
$hash = $query->fetch();
if ($password == $hash['password']){
if($newpassword == $confirmnewpassword) {
$sql = "UPDATE `users` SET `password` = ? WHERE `username` = ?";
$query = $dbh->prepare($sql);
$query->bindParam(1, $newpassword, PDO::PARAM_STR);
$query->bindParam(2, $username, PDO::PARAM_STR);
if($query->execute()){
echo "Password Changed Successfully!";
}else{
echo "Password could not be updated";
}
} else {
echo "Passwords do not match!";
}
}else{
echo "Please type your current password accurately!";
}
}else{
echo "Incorrect username";
}
}
?>
关于php - 使用 PHP、Ajax 和 Jquery 更改密码,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37168637/