Форумы портала PHP.SU :: Версия для печати :: Помогите с формой смены пароля

Страниц (1): [1]

1. kremenchug - 26 Июня, 2018 - 23:56:33 - перейти к сообщению

Здравствуйте, помогите пожалуйста, нужно добавить обязательный ввод старого пароля и текущего, чтобы изменить пароль. Новичок в php и как осуществить, не понимаю, буду очень благодарен за помощь!

PHP:
скопировать код в буфер обмена

<?PHP  include('server.php')?>
<?PHP 
 
//PHP-код для обновления данных из базы mysql
if(isset($_POST['update']))
{
    
   $hostname = "localhost";
   $username = "root";
   $password = "";
   $databaseName = "registration";
   
   $connect = mysqli_connect($hostname, $username, $password, $databaseName);
   
   // получать значения 
   
   $id = $_POST['id'];
   $password = $_POST['password'];
 
           
   // запрос mysql для обновления данных
   $query = "UPDATE `users` SET `password`= '".$password."'  WHERE `id` = $id";
   
   $result = mysqli_query($connect, $query);
   
   if($result)
   {
       echo 'Data Updated';
   }else{
       echo 'Data Not Updated';
   }
   mysqli_close($connect);
}
 
?>
 
<!DOCTYPE html>
 
<html>
 
    <head>
 
        <title> PHP UPDATE DATA </title>
 
        <meta charset="UTF-8">
 
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
    </head>
 
    <body>
    <div class="container">
  <div class="frame">
    <div class="nav">
      <ul class"links">
        <li class="signin-active"><a class="btn">Update inform</a></li>
      </ul>
    </div>
        <form class="form-signin" action="change-password.php" method="post">
 
            ID To Update: <input class="form-styling" type="text" name="id" required value="<?PHP  echo $id; ?>" readonly ><br><br>
 
            New Password:<input class="form-styling" type="text" name="password" required ><br><br>
 
          
 
      
            
 
            <input class="btn-signin" type="submit" name="update" value="Update Data">
 
        </form>
        <div class="forgot">
        <a href="index.php">Back</a>
      </div>
  </div>
</div>
    </body>
 
 
</html>
 

server.php

PHP:
скопировать код в буфер обмена

<?PHP 
session_start();
 
// initializing variables
$username = "";
$email    = "";
$phone = "";
$errors = array(); 
 
// connect to the database
$db = mysqli_connect('localhost', 'root', '', 'registration');
//username
if (isset($_GET['username'])){
  $username = $_GET['username'];
  $userquery = "SELECT * FROM users WHERE username = '$username'";
  $result = mysqli_query($db,$userquery);
  if(mysqli_num_rows($result) != 1)  {
       die ("That username could not be found");
       echo mysqli_error($db);
  }
  while($row = mysqli_fetch_assoc($result)){
      $id = $row['id'];
      $password = $row['password'];
      $username = $row['username'];
      $email = $row['email'];
      $phone = $row['phone'];
      $dbusername = $row['username'];
  }
  if($username != $dbusername){
      die ("There has been a fatal error.");
  }
}
// REGISTER USER
if (isset($_POST['reg_user'])) {
  // receive all input values from the form
  $username = mysqli_real_escape_string($db, $_POST['username']);
  $email = mysqli_real_escape_string($db, $_POST['email']);
  $phone = mysqli_real_escape_string($db, $_POST['phone']);
  $password_1 = mysqli_real_escape_string($db, $_POST['password_1']);
  $password_2 = mysqli_real_escape_string($db, $_POST['password_2']);
  $id = mysqli_real_escape_string($db, $_POST['id']);
  // form validation: ensure that the form is correctly filled ...
  // by adding (array_push()) corresponding error unto $errors array
  if (empty($username)) { array_push($errors, "Username is required"); }
  if (empty($email)) { array_push($errors, "Email is required"); }
  if (empty($phone)) { array_push($errors, "Phone is required"); }
  if (empty($password_1)) { array_push($errors, "Password is required"); }
  if ($password_1 != $password_2) {
        array_push($errors, "The two passwords do not match");
  }
 
  // first check the database to make sure 
  // a user does not already exist with the same username and/or email
  $user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";
  $result = mysqli_query($db, $user_check_query);
  $user = mysqli_fetch_assoc($result);
  
  if ($user) { // if user exists
    if ($user['username'] === $username) {
      array_push($errors, "Username already exists");
    }
 
    if ($user['email'] === $email) {
      array_push($errors, "email already exists");
    }
  }
 
  // Finally, register user if there are no errors in the form
  if (count($errors) == 0) {
        $password = $password_1;//$password = md5($password_1)
 
        $query = "INSERT INTO users (username, email, phone, password) 
                          VALUES('$username', '$email', '$phone','$password')";
        mysqli_query($db, $query);
        $_SESSION['username'] = $username;
        $_SESSION['success'] = "You are now logged in";
        header('location: index.php');
  }
}
if (isset($_POST['login_user'])) {
    $username = mysqli_real_escape_string($db, $_POST['username']);
    $password = mysqli_real_escape_string($db, $_POST['password']);
 
  
    if (empty($username)) {
        array_push($errors, "Username is required");
    }
    if (empty($password)) {
        array_push($errors, "Password is required");
    }
  
    if (count($errors) == 0) {
        $password = $password; //$password = md5($password)
        $query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
        $results = mysqli_query($db, $query);
        if (mysqli_num_rows($results) == 1) {
          $_SESSION['username'] = $username;
          $_SESSION['success'] = "You are now logged in";
          header('location: index.php');
        }else {
            array_push($errors, "Wrong username/password combination");
        }
    }
  }
  
 
 
  ?>

<?PHP include('server.php')?>

//PHP-код для обновления данных из базы mysql

if(isset($_POST['update']))

$hostname = "localhost";

$databaseName = "registration";

$connect = mysqli_connect($hostname, $username, $password, $databaseName);

// получать значения

$password = $_POST['password'];

// запрос mysql для обновления данных

$query = "UPDATE `users` SET `password`= '".$password."' WHERE `id` = $id";

$result = mysqli_query($connect, $query);

echo 'Data Updated';

echo 'Data Not Updated';

mysqli_close($connect);

<title> PHP UPDATE DATA </title>

<li class="signin-active"><a class="btn">Update inform</a></li>

ID To Update: <input class="form-styling" type="text" name="id" required value="<?PHP echo $id; ?>" readonly ><br><br>

New Password:<input class="form-styling" type="text" name="password" required ><br><br>

// initializing variables

// connect to the database

$db = mysqli_connect('localhost', 'root', '', 'registration');

if (isset($_GET['username'])){

$username = $_GET['username'];

$userquery = "SELECT * FROM users WHERE username = '$username'";

$result = mysqli_query($db,$userquery);

if(mysqli_num_rows($result) != 1) {

die ("That username could not be found");

echo mysqli_error($db);

while($row = mysqli_fetch_assoc($result)){

$password = $row['password'];

$username = $row['username'];

$email = $row['email'];

$phone = $row['phone'];

$dbusername = $row['username'];

if($username != $dbusername){

die ("There has been a fatal error.");

if (isset($_POST['reg_user'])) {

// receive all input values from the form

$username = mysqli_real_escape_string($db, $_POST['username']);

$email = mysqli_real_escape_string($db, $_POST['email']);

$phone = mysqli_real_escape_string($db, $_POST['phone']);

$password_1 = mysqli_real_escape_string($db, $_POST['password_1']);

$password_2 = mysqli_real_escape_string($db, $_POST['password_2']);

$id = mysqli_real_escape_string($db, $_POST['id']);

// form validation: ensure that the form is correctly filled ...

// by adding (array_push()) corresponding error unto $errors array

if (empty($username)) { array_push($errors, "Username is required"); }

if (empty($email)) { array_push($errors, "Email is required"); }

if (empty($phone)) { array_push($errors, "Phone is required"); }

if (empty($password_1)) { array_push($errors, "Password is required"); }

if ($password_1 != $password_2) {

array_push($errors, "The two passwords do not match");

// first check the database to make sure

// a user does not already exist with the same username and/or email

$user_check_query = "SELECT * FROM users WHERE username='$username' OR email='$email' LIMIT 1";

$result = mysqli_query($db, $user_check_query);

$user = mysqli_fetch_assoc($result);

if ($user) { // if user exists

if ($user['username'] === $username) {

array_push($errors, "Username already exists");

if ($user['email'] === $email) {

array_push($errors, "email already exists");

// Finally, register user if there are no errors in the form

if (count($errors) == 0) {

$password = $password_1;//$password = md5($password_1)

$query = "INSERT INTO users (username, email, phone, password)

VALUES('$username', '$email', '$phone','$password')";

mysqli_query($db, $query);

$_SESSION['username'] = $username;

$_SESSION['success'] = "You are now logged in";

header('location: index.php');

if (isset($_POST['login_user'])) {

$username = mysqli_real_escape_string($db, $_POST['username']);

$password = mysqli_real_escape_string($db, $_POST['password']);

if (empty($username)) {

array_push($errors, "Username is required");

if (empty($password)) {

array_push($errors, "Password is required");

if (count($errors) == 0) {

$password = $password; //$password = md5($password)

$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";

$results = mysqli_query($db, $query);

if (mysqli_num_rows($results) == 1) {

$_SESSION['username'] = $username;

$_SESSION['success'] = "You are now logged in";

header('location: index.php');

array_push($errors, "Wrong username/password combination");

ID To Update: <input class="form-styling" type="hidden" name="id" required value="<?PHP echo $id; ?>" readonly ><br><br>

Old Password:<input class="form-styling" type="password" name="password_old" required ><br><br>

New Password:<input class="form-styling" type="password" name="password_1" required ><br><br>

Repeat New Password:<input class="form-styling" type="password" name="password_2" required ><br><br>

foreach(['id','password_old','password_1','password_2'] as $n) $$n=trim($_POST[$n]);

// запрос mysqli $password_from_db for user $id

$query = "SELECT password FROM `users` WHERE `id` = $id";

$result = mysqli_query($connect, $query);

$password_from_db = mysqli_fetch_assoc($result)['password'];

if($password_1!=$password_2)

echo 'Error password_1 != password_2 ';

else if($password_1==$password_from_db)

echo 'Error New password = Old password';

// запрос mysqli для обновления данных

$query = "UPDATE `users` SET `password`= '".$password_1."' WHERE `id` = $id";

$result = mysqli_query($connect, $query);

echo 'Data Updated';

echo 'Data Not Updated';

foreach(['id','password_old','password_1','password_2'] as $n) $$n=trim($_POST[$n]);

// запрос mysqli $password_from_db for user $id

$query = "SELECT password FROM `users` WHERE `id` = $id";

$result = mysqli_query($connect, $query);

$password_from_db = mysqli_fetch_assoc($result)['password'];

if($password_1!=$password_2)

echo 'Error password_1 != password_2 ';

if($password_1==$password_from_db )

echo 'Error New password = Old password';

// запрос mysqli для обновления данных

$query = "UPDATE `users` SET `password`= '".$password_1."' WHERE `id` = $id";

$result = mysqli_query($connect, $query);

echo 'Data Updated';

echo 'Data Not Updated';