php+mysq 修改用户密码(用password加密)

<?php
session_start();
?>

<script type=”text/javascript”><!–
function checkinput(form){
if(document.mod_pwd.curr_pwd.value==”"){
alert(“請輸入原始密碼!”);
document.mod_pwd.curr_pwd.select();
return(false);
}
if(document.mod_pwd.new_pwd.value==”"){
alert(“請輸入新密碼!”);
document.mod_pwd.new_pwd.select();
return(false);
}
if(document.mod_pwd.new_pwd.value.length <6){
alert(“請至少輸入6位新密碼!”);
document.mod_pwd.new_pwd.select();
return(false);
}
if(document.mod_pwd.renew_pwd.value==”"){
alert(“請再輸入一遍新密碼!”);
document.mod_pwd.renew_pwd.select();
return(false);
}
if(document.mod_pwd.new_pwd.value!=document.mod_pwd.renew_pwd.value){
alert(“您兩次輸入的密碼不一緻，請重新輸入!”);
mod_pwd.renew_pwd.select();
return(false);
}
}
–></script>

<?php

//_SESSION[\'sys_user_id\'] 是通过session获得登录时用户的ID即user_id。

//Function:连接数据库
//数据库：inv ，用户：root， 密码：831025
function db_link()
{
access_id = “root”;
db_name = “inv”;

@ db = mysql_connect(‘localhost’, access_id, ’831025′) or
die(“Could not connect to database. “);
mysql_query(“SET NAMES ‘GBK’”);//显示中文
mysql_select_db(db_name);
return db;
}
link=db_link();

//Funtion:根据用户ID，获得用户name
//表：sys_user 字段：user_id,user_name,user_real_name,user_muser,user_mdate…
function get_user(user_id, user_field)
{
if (user_id == 0 && (user_field == “user_name” || user_field == “user_real_name”))
return “none”;
else {
user_sql = “SELECT “.user_field.” FROM sys_user WHERE user_id = “.user_id;
user_res = mysql_query(user_sql);
user_num = mysql_num_rows(user_res);
if (user_num > 0) {
user_row = mysql_fetch_array(user_res);
return user_row[0];
}
else
return “”;
}
}

echo ‘<form name=”mod_pwd” action=”" method=”post” onsubmit=”return checkinput(this)”>
<table cellpadding=”0″ cellspacing=”1″>
<tr>
<th class=”criteria”> 用户名: </th>
<td><input type=”text” name=”user_name” size=”15″ maxlength=”15″ value=”‘.get_user(_SESSION[\'sys_user_id\'],’user_name’).’”></td>
</tr>
<tr>
<th class=”criteria”> 原始密码: </th>
<td><input type=”password” name=”curr_pwd” size=”15″ maxlength=”15″ value=”‘._POST[\'curr_pwd\'].’”></td>
</tr>
<tr>
<th class=”criteria”> 新密码: </th>
<td><input type=”password” name=”new_pwd” size=”15″ maxlength=”15″ value=”‘._POST[\'new_pwd\'].’”></td>
</tr>
<tr>
<th class=”criteria”> 确认新密码: </th>
<td><input type=”password” name=”renew_pwd” size=”15″ maxlength=”15″ value=”‘._POST[\'renew_pwd\'].’”>
<input type=”submit” name=”save” value=”Save”></td>
</tr>
</table>
</form>’;

if (_POST[\'save\'] == ‘Save’) {

curr_pwd = _POST[\'curr_pwd\']; //用户输入的原始密码
new_pwd = _POST[\'new_pwd\']; //用户输入的新密码
renew_pwd = _POST[\'renew_pwd\'];

//从数据库获得用户真正的原始密码
user_curr_sql = “SELECT user_password FROM sys_user WHERE user_id = ‘”._SESSION[\'sys_user_id\'].”‘ “;
user_curr_res = mysql_query(user_curr_sql);
user_curr_row = mysql_fetch_array(user_curr_res);
user_curr_pwd = user_curr_row[\'user_password\'];

//对用户输入的原始密码用password进行加密，以便和真正的原始密码进行比较
user_encode_pwd = “SELECT password(curr_pwd);”;
user_encode_res = mysql_query(user_encode_pwd);
user_encode_row = mysql_fetch_array(user_encode_res);
user_encode_pwd = user_encode_row[0];

//比较用户输入的原始密码和从数据库中取得的原始密码
if(user_encode_pwd != user_curr_pwd){
//原始密码错误
echo ‘<script>alert(“您输入的原始密码错误，请重新输入!”);</script>’;
}else{
//原始密码正确则修改用户密码
user_pwd_sql = “UPDATE sys_user SET user_password=password(‘”.new_pwd.”‘),user_muser=’”._SESSION[\'sys_user_id\'].”‘,user_mdate=now() WHERE user_id = ‘”._SESSION[\'sys_user_id\'].”‘ “;
user_pwd_res = mysql_query(user_pwd_sql);
if (user_pwd_res) {
echo ‘<script>alert(“密码修改成功!”);</script>’;
}else {
echo ‘<script>alert(“密码修改失败!”);</script>’;
}
}
}
?>