我是php新手,学习速度很快。我有一张表格,该表格允许用户更新他/她的安全性问题,并且还要求用户输入他/她的引用号以便进行更改。
我的表格代码如下:
<form action="securityupdated.php" method="post">
<table width="80%" border="0">
<tr>
<td><label for="secret_question">Secret Question</label></td>
<td><span id="spryselect1">
<select name="secret_question" id="secret_question">
<option selected="selected">Please Select Your Secret Question</option>
<option id="secret_question" value="What Is Your Mothers Maiden Name?">What Is Your Mothers Maiden Name</option>
<option id="secret_question" value="What Was The Name Of Your First Pet?">What Was The Name Of Your First Pet</option>
<option id="secret_question" value="What Was Your First Car?">What Was Your First Car</option>
<option id="secret_question" value="What Is Your Favourite Colour?">What Is Your Favourite Colour</option>
</select>
<span class="selectRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="secret_anwser">Your Anwser</label></td>
<td><br /><span id="sprytextfield1">
<input type="text" name="secret_anwser" id="secret_anwser" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="password">Your Reference</label>
</td>
<td><br />
<span id="sprytextfield2">
<input type="text" name="ref" id="ref" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td> </td>
<td><br /><input name="" type="submit" value="Update" /></td>
</tr>
</table>
</form>
我的PHP脚本如下:
<?php
$secret_question = mysql_real_escape_string($_REQUEST['secret_question']);
$secret_anwser = mysql_real_escape_string($_REQUEST['secret_anwser']);
$sql= "UPDATE public SET secret_question = '$secret_question', secret_anwser = '$secret_anwser' WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
else
{
echo '<hr /><h3 align="center">Security Question Has Been Updated</h3><hr />';
}
?>
我不知道该如何编码,以便它可以检查用户输入的ref是否与数据库中的ref字段匹配,如果匹配,则应继续进行更新,如果不匹配,则应要求用户执行更新再次输入他的密码?
最佳答案
我不是“安全性问题”的信奉者,但我想添加密码检查是合理的,因为如果有人做到这一点,他可能会阻止真实用户请求还原密码,如果那是您使用密码的原因。所以,是的,使用mysql_fetch_row
获取密码(我希望它是sha1哈希吗?)并将其与用户输入的内容进行比较(添加新密码字段)
HTML:
<tr>
<td><label for="password_check">Your password</label></td>
<td><input type="text" name="password_check" id="password_check" /></td>
</tr>
和PHP:
$result = mysql_query("SELECT `password` FROM public WHERE ni = '". $_SESSION['ni']."'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
if(strlen($row[0])>0 && $row[0]==sha1($_POST['password_check'])){
.. your existing update code goes here
}
关于php - PHP查看密码是否匹配,如果匹配,则提交其数据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9880429/