Changepassword for user


Problem description


I'm trying to create a change password page.
I wrote some code and it's working, but I have a problem: when the user logs in and wants to change the password, it will change, but the db will also change if there are any similar to same password

SqlConnection con = new SqlConnection(@"Data Source=DESKTOP-D09CKIL\SQLEXPRESS;Initial Catalog=ASDProject;Integrated Security=True");
con.Open();
String str1 = "select name,email,password from account where password ='" + TextBox1.Text + "'";
SqlCommand cmd = new SqlCommand(str1, con);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
    SqlConnection con1 = new SqlConnection(@"Data Source=DESKTOP-D09CKIL\SQLEXPRESS;Initial Catalog=ASDProject;Integrated Security=True");
    con1.Open();
    string str = "Update account set password ='" + TextBox2.Text + "' where password = '" + TextBox1.Text + "'";
    SqlCommand cmd1 = new SqlCommand(str, con1);
    cmd1.ExecuteNonQuery();
    Label1.Text = " your password change";
    con1.Close();
    con.Close();
}
else
{
    Label1.Text = "your password not change";
}








in the db
name email password
cdcd cdcd@c.com 111
dfdf dfdf@c.com 111
eee eee@e.com 111

What I have tried:

In this case, how can I put some role for the db, to just change the password for the current user, not all users (even if there are same passwords)?

Recommended answer

As Jochen mentioned in Solution 1, your query is wrong. If you read it, all you are doing is looking for a matching password when you need to be looking for a matching password and email. Both your select and update are wrong.

However, you should also look into hashing passwords so that your application is much more secure. Storing passwords in plain text is not a recommended practice. There is a very detailed article on hashing passwords at Salted Password Hashing - Doing it Right


You should query the database using a unique key. With your columns this is probably the email:
select name,email,password from account where email = value






Then update the retrieved recordset with the new password.
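
The two answers combined, as an added example that is not part of the original question or answers: the row is selected and updated by the unique email, every value is passed as a parameter, and only a salted PBKDF2 hash is stored. The class name, the password_hash and password_salt columns (replacing the plain-text password column), the iteration count, and the assumption that email comes from the authenticated session are all hypothetical; the Rfc2898DeriveBytes overload used requires .NET Framework 4.7.2 or later.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class PasswordChanger // hypothetical helper, not from the original page
{
    const int Iterations = 100000, SaltSize = 16, HashSize = 32; // assumed PBKDF2 settings
    static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashSize);
    }
    static bool SameBytes(byte[] a, byte[] b) // compares every byte, no early exit
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    // Assumed schema: account(email UNIQUE, password_hash VARBINARY(32), password_salt VARBINARY(16)).
    public static bool ChangePassword(string connectionString, string email, string oldPassword, string newPassword)
    {
        using (var con = new SqlConnection(connectionString))
        {
            con.Open();
            byte[] storedHash = null, storedSalt = null;
            using (var select = new SqlCommand(
                "SELECT password_hash, password_salt FROM account WHERE email = @email", con))
            {
                select.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
                using (var dr = select.ExecuteReader())
                    if (dr.Read()) { storedHash = (byte[])dr[0]; storedSalt = (byte[])dr[1]; }
            }
            if (storedHash == null || !SameBytes(Hash(oldPassword, storedSalt), storedHash))
                return false; // unknown user or wrong current password: nothing is updated
            var salt = new byte[SaltSize];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
            using (var update = new SqlCommand(
                "UPDATE account SET password_hash = @hash, password_salt = @salt WHERE email = @email", con))
            {
                update.Parameters.Add("@hash", SqlDbType.VarBinary, HashSize).Value = Hash(newPassword, salt);
                update.Parameters.Add("@salt", SqlDbType.VarBinary, SaltSize).Value = salt;
                update.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email;
                return update.ExecuteNonQuery() == 1; // exactly one row: the current user
            }
        }
    }
}
```

With the three sample rows from the question, a call for cdcd@c.com touches only that row, because the WHERE clause no longer depends on the password value that all three accounts share.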

