我正在尝试编写一个程序来更改用户的密码,但完成它有点困难,我有它的一般要点,但有一些语法错误。这是我的程序;
CREATE PROC ChangePassword
@User_Name NVARCHAR(50),
@OldPassword NVARCHAR(50),
@NewPassword NVARCHAR(50),
@ResponseMessage NVARCHAR(250)='' OUTPUT
AS
BEGIN
SET NOCOUNT ON
IF ((
SELECT PasswordHash
FROM dbo.Users
WHERE dbo.Users.user_name=@User_Name)=HASHBYTES('SHA2_512',@OldPassword + (
SELECT CAST(Salt AS NVARCHAR(50))
FROM dbo.Users
WHERE dbo.Users.user_name = @User_Name)))
THEN
UPDATE dbo.Users SET PasswordHash = HASHBYTES('SHA2_512',@NewPassword + (
SELECT CAST(Salt AS NVARCHAR(50))
FROM dbo.Users
WHERE dbo.Users.user_name = @User_Name))
SET @ResponseMessage = 'Password Changed Successfully'
ELSE
SET @ResponseMessage = 'Old Password did not match'
END
它基本上会检查他们输入的旧密码的哈希值是否与实际旧密码的哈希值匹配,如果匹配,则使用新密码的哈希值更新它,但是IF在编译过程中我对语句有点困难错误下面的THEN和ELSE说incorrect syntax near 'THEN'和ELSE分别,可能有人提供一些指导,以解决这一问题?
为了可读性和易于维护,您可以执行以下操作:
CREATE PROC ChangePassword
@User_Name NVARCHAR(50),
@OldPassword NVARCHAR(50),
@NewPassword NVARCHAR(50),
@ResponseMessage NVARCHAR(250) = '' OUTPUT
AS
BEGIN
-- To keep track of the old password hash in the User table
DECLARE @oldPasswordHash VARBINARY(8000) = (SELECT PasswordHash FROM dbo.Users WHERE User_Name = @User_Name);
-- To obtain the salt used with the HASHBYTES function and passwords
DECLARE @salt NVARCHAR(50) = (SELECT Salt FROM dbo.Users WHERE User_Name = @User_Name);
-- To check if the old password hash in the User table matches the the @OldPassword passed by the user
DECLARE @computedOldPasswordHash VARBINARY(8000) = HASHBYTES('SHA2_512', @OldPassword + @salt);
-- Check if old password hash equals the computed old password hash
IF (@oldPasswordHash = @computedOldPasswordHash)
BEGIN
-- new password hash
DECLARE @newPasswordHash VARBINARY(8000) = HASHBYTES('SHA2_512', @NewPassword + @salt);
UPDATE dbo.Users
SET PasswordHash = @newPasswordHash
WHERE User_Name = @User_Name
SET @ResponseMessage = 'Password Changed Successfully'
END
ELSE
BEGIN
SET @ResponseMessage = 'Old Password did not match'
END
END
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句