开发者

HTML PHP MYSQL Change Password

开发者 https://www.devze.com 2023-03-24 16:59 出处:网络
Hi i have this http://kramansronet.comze.com/ registering and everything works when your in the member section of the page how can i add an Change password field?

Hi i have this http://kramansronet.comze.com/

registering and everything works

when your in the member section of the page how can i add an Change password field?

here is my page for the member login

  <?php include "base.php"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
<head>  
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />  
<title>User Management System (Tom Cameron for NetTuts)</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>  
<body>  
<div id="main">
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
     ?>

    <h1>Member Area</h1>
     <p>Thanks for logging in! Your username is <b><?=$_SESSION['Username']?></b> and your email address is <b><?=$_SESSION['EmailAddress']?></b>.</p><br>

     <h3>Account Tools:</h3>
     Username: <?=$_SE开发者_运维问答SSION['Username']?><br>
     Password: <?=$_SESSION['password']?><br>
     Email: <?=$_SESSION['EmailAddress']?><br>
     Account Type: <?=$_SESSION['accounttype']?><br>


    <ul>

        <li><a href="logout.php">Logout.</a></li>
    </ul>

    <?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
     $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));

     $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");

    if(mysql_num_rows($checklogin) == 1)
    {
         $row = mysql_fetch_array($checklogin);
        $email = $row['EmailAddress'];
        $accounttype = $row['accounttype'];

        $_SESSION['Username'] = $username;
        $_SESSION['EmailAddress'] = $email;
        $_SESSION['accounttype'] = $accounttype;
        $_SESSION['LoggedIn'] = 1;

         echo "<h1>Success</h1>";
        echo "<p>Please Refresh your browser to go to memeber page.</p>";
        echo "<meta http-equiv='refresh' content='=2;index.php' />";
    }
    else
    {
         echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"index.php\">click here to try again</a>.</p>";
    }
}
else
{
    ?>

   <h1>Member Login</h1>

   <p>Thanks for visiting! Please either login below, or <a href="register.php">click here to register</a>.</p>

    <form method="post" action="index.php" name="loginform" id="loginform">
    <fieldset>
        <label for="username">Username:</label><input type="text" name="username" id="username" /><br />
        <label for="password">Password:</label><input type="password" name="password" id="password" /><br />
        <input type="submit" name="login" id="login" value="Login" />
    </fieldset>
    </form>

   <?php
}
?>
</div>
</body>
</html>


The page should ask the user to input his current password (as a security measure of precaution) and two further input fields to enter the new password twice - again, as a precaution measure.

This is done in HTML using input fields with type password in a form.

Then, in PHP, the given password is checked whether it belongs to the currently logged in user (from session). If this is the case, and both new passwords match, that is, the user did not typo any of them, the database is updated using an SQL UPDATE statement.

As usual when handling with passwords, proper hashing should be used.


You must have made a register form. Thus it should be pretty simple to incorporate changing password. In members' setting page (or whatever) simply give 3 input fields. They are what Shi said. Also there should be a submit button. the form should have action like "changepassword.php" post all 3 fields. query database for current password and if it matches simply

UPDATE users SET password = '$newpass' WHERE username = '$username'
0

精彩评论

暂无评论...
验证码 换一张
取 消