8797 sujets

Développement web côté serveur, CMS

Vérification d'un ancien pass avant de changer (formulaire et PHP)

Bonjour,

J'ai mis un temps pour réfléchir comment faire et je n'ai pas de résultat alors je soumets ceci :

Le but est de soumettre le formulaire contenant le login, l'ancien passe et le nouveau passe.

j'apprécie l'aide!


voici le code : 


              include('connect-db.php');
              function renderForm($id, $username, $passold, $password, $error) {
                 if ($error != ''){
                 echo $error;
                 }
               ?> 
               <form name="formulaire" action="<?php echo htmlentities($_SERVER['PHP_SELF']) ?>" method="post">
               <fieldset>
               <legend>Authentification</legend>
               <label for="labelusername">Username </label><input type="text" maxlength="64" size="64" id="labelusername" name="username" value="<?php echo $username; ?>" READONLY /><br />
               <label for="labelpassold">Old pass </label><input type="text" maxlength="64" size="64" id="labelpassold" name="passold" value="" /><br />
               <label for="labelpassword">New pass </label><input type="password" maxlength="64" size="64" id="labelpassword" name="password" value="<?php echo $password; ?>" /><br />
               </fieldset>

               <input type="submit" name="submit" value="Submit">
               <input type="reset" name="submit" value="Cancel">
               </form> 

               <?php
               }

               if (isset($_POST['submit'])) { 
                 if (is_numeric(1)) {
                   $id = '1';
                   $username = mysql_real_escape_string($_POST['username']);
                   $passold = mysql_real_escape_string($_POST['passold']);
                   $password = mysql_real_escape_string($_POST['password']);
                 
                 if ($username == '' || $passold == ''|| $password == '') {
                   $error = 'ERROR: Please fill in all required fields!';
                   renderForm($id, $username, $passold, $password, $error);
                 }
                 else {
                   mysql_query("UPDATE dan_bmark SET username='$username', password='$password' WHERE id='1'") or die(mysql_error()); 
                   renderForm($id, $username, $passold, $password, '');
                   echo 'Updated!';
                 }
                 }
                 else {
                   echo 'Error!';
                 }
               }
               else {

                   $result = mysql_query("SELECT username, password FROM dan_bmark WHERE id=1") or die(mysql_error()); 
                   $row = mysql_fetch_array($result);
                   
                   if($row)
                   {
                     $username = $row['username'];
                     $password = $row['password'];
                     renderForm($id, $username, $passold, $password, '');
                   }
                   else {
                     echo "No results!";
                   }
                 }
                 mysql_close();
Sujet clos
Aller à