// Start (or resume) the PHP session; the password-change code further down
// reads the logged-in user's ID from $_SESSION['sys_user_id'].
// NOTE(review): no opening PHP tag is visible before this line, and the
// closing tag on the next line leaves PHP mode. Presumably tags were lost
// when the listing was copied; confirm the functions below sit inside a
// PHP block before running this file.
session_start();
?>
// $_SESSION['sys_user_id'] holds the ID (user_id) of the logged-in user; it is read from the session.
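/**
 * Open the MySQL connection used by this page and select the database.
 *
 * Connects to database "inv" on localhost and sets the connection character
 * set to GBK so that Chinese text displays correctly.
 *
 * NOTE(review): this connects as root with the password written into the
 * source. Treat a password that has appeared in a published listing as
 * exposed and rotate it; use a dedicated account restricted to the tables
 * the application needs, and load the credentials from configuration kept
 * outside the web root and out of version control.
 *
 * @return resource MySQL link identifier. The script terminates when the
 *                  connection or the database selection fails.
 */
function db_link()
{
    $access_id = "root";
    $db_name = "inv";

    // Warnings stay suppressed so connection details never reach the page;
    // the reason goes to the server log instead of being discarded.
    $db = @mysql_connect('localhost', $access_id, '831025');
    if (!$db) {
        error_log('db_link: mysql_connect failed: ' . mysql_error());
        die("Could not connect to database. ");
    }

    // mysql_set_charset() also tells the client library which character set
    // is in use. A bare "SET NAMES" query does not, which leaves
    // mysql_real_escape_string() unaware of GBK multi-byte sequences and is a
    // known way for escaping to be bypassed. Fall back to the original query
    // only where the function is unavailable.
    if (function_exists('mysql_set_charset')) {
        mysql_set_charset('gbk', $db);
    } else {
        mysql_query("SET NAMES 'GBK'", $db);
    }

    // Fail closed: without a selected database every later query would fail
    // with a less obvious error.
    if (!mysql_select_db($db_name, $db)) {
        error_log('db_link: mysql_select_db failed: ' . mysql_error($db));
        die("Could not connect to database. ");
    }

    return $db;
}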
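// Open the connection once at load time. The mysql_* calls in this file that
// omit a link argument use the most recently opened connection.
$link = db_link();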
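/**
 * Return one column of a sys_user row, looked up by user ID.
 *
 * Table sys_user has (at least) the columns user_id, user_name,
 * user_real_name, user_muser and user_mdate.
 *
 * Both arguments become part of the SQL text, so neither is concatenated
 * as-is: the ID is cast to an integer and the column name must be a plain
 * identifier, which is then backtick-quoted.
 *
 * NOTE(review): any column of sys_user can be requested, including
 * user_password. Callers should pass a fixed column name and never one taken
 * from request data.
 *
 * @param int|string $user_id    Numeric user ID.
 * @param string     $user_field Name of the sys_user column to return.
 * @return string|null "none" when the ID is 0 and a name column is requested;
 *                     the column value when the row exists; "" when there is
 *                     no row, the column name is rejected, or the query fails.
 */
function get_user($user_id, $user_field)
{
    // Arrays and objects can be neither a valid ID nor a column name.
    if (is_array($user_id) || is_object($user_id) || !is_string($user_field)) {
        return "";
    }

    // Only an integer ever reaches the SQL text.
    $user_id = (int) $user_id;

    if ($user_id === 0 && ($user_field === "user_name" || $user_field === "user_real_name")) {
        return "none";
    }

    // Identifiers cannot be escaped like values, so accept nothing but a bare
    // column name. \z (not $) so a trailing newline is rejected as well.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*\z/', $user_field)) {
        return "";
    }

    $user_sql = "SELECT `" . $user_field . "` FROM sys_user WHERE user_id = " . $user_id;
    $user_res = mysql_query($user_sql);
    if ($user_res === false) {
        // Query failed (for example an unknown column): same result as "no row".
        return "";
    }

    if (mysql_num_rows($user_res) > 0) {
        $user_row = mysql_fetch_array($user_res);
        return $user_row[0];
    }

    return "";
}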
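echo '
';
// Password-change handler: runs only when the form was posted with save=Save.
// NOTE(review): every echoed string in this listing is empty; presumably the
// original markup was lost when the page was copied. Restore the user-facing
// messages before use.
if (isset($_POST['save']) && $_POST['save'] === 'Save') {
    // Current password, new password and its confirmation as typed by the
    // user. Anything that is not a plain string (e.g. an array parameter) is
    // treated as empty.
    $curr_pwd = (isset($_POST['curr_pwd']) && is_string($_POST['curr_pwd'])) ? $_POST['curr_pwd'] : '';
    $new_pwd = (isset($_POST['new_pwd']) && is_string($_POST['new_pwd'])) ? $_POST['new_pwd'] : '';
    $renew_pwd = (isset($_POST['renew_pwd']) && is_string($_POST['renew_pwd'])) ? $_POST['renew_pwd'] : '';

    // The account being changed comes from the session only, and is forced to
    // an integer before it is placed in any SQL text.
    $sys_user_id = isset($_SESSION['sys_user_id']) ? (int) $_SESSION['sys_user_id'] : 0;

    $user_curr_pwd = null;   // hash stored for the account
    $user_encode_pwd = null; // hash of the password the user typed

    if ($sys_user_id !== 0) {
        // Fetch the stored password hash for the logged-in user.
        $user_curr_sql = "SELECT user_password FROM sys_user WHERE user_id = " . $sys_user_id;
        $user_curr_res = mysql_query($user_curr_sql);
        if ($user_curr_res !== false) {
            $user_curr_row = mysql_fetch_array($user_curr_res);
            if (is_array($user_curr_row)) {
                $user_curr_pwd = $user_curr_row['user_password'];
            }
        }

        // Hash the typed password with the same MySQL PASSWORD() function so
        // it can be compared with the stored value. The value is sent
        // hex-encoded: hex digits need no quoting or escaping, so the query
        // text is safe whatever bytes the password contains and whatever the
        // connection character set is.
        $user_encode_sql = "SELECT PASSWORD(UNHEX('" . bin2hex($curr_pwd) . "'))";
        $user_encode_res = mysql_query($user_encode_sql);
        if ($user_encode_res !== false) {
            $user_encode_row = mysql_fetch_array($user_encode_res);
            if (is_array($user_encode_row)) {
                $user_encode_pwd = $user_encode_row[0];
            }
        }
    }

    // Fail closed: a missing session, a missing row or a failed query must
    // never count as a match. The comparison is strict, so null values and
    // numeric-looking hash strings cannot compare equal by type juggling.
    $verified = is_string($user_curr_pwd)
        && is_string($user_encode_pwd)
        && $user_encode_pwd === $user_curr_pwd;

    if (!$verified) {
        // Current password is wrong, or could not be verified.
        echo '';
    } elseif ($new_pwd === '' || $new_pwd !== $renew_pwd) {
        // New password is empty or does not match its confirmation: nothing
        // is changed, reported like a failed update.
        echo '';
    } else {
        // Current password is correct: store the new one.
        // NOTE(review): PASSWORD() is MySQL's own account-hash function; it is
        // unsalted and not meant for application passwords. It is kept here
        // because the rest of the application presumably checks logins against
        // this format; plan a migration to password_hash()/password_verify().
        $user_pwd_sql = "UPDATE sys_user SET user_password=PASSWORD(UNHEX('" . bin2hex($new_pwd) . "')),"
            . "user_muser=" . $sys_user_id . ",user_mdate=now() WHERE user_id = " . $sys_user_id;
        $user_pwd_res = mysql_query($user_pwd_sql);
        if ($user_pwd_res) {
            echo '';
        } else {
            echo '';
        }
    }
}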
?> 