我有一个小规模的应用程序,允许管理员重置他们的密码。我目前拥有它,以便管理员输入他们的电子邮件地址,它会生成一个随机密钥并通过电子邮件发送给他们。随机密钥也存储在用户的数据库中。该电子邮件还包含指向表单的链接,用户可以通过输入用户名和发送给他们的代码来重置密码。
以下是重置密码表单:
<h1>Reset Your Password</h1>
<form id="reset" name="reset" method="post" action="reset-admin-password-exec.php">
<table width="365" height="147" border="0" cellpadding="0" cellspacing="5">
<tr>
<td width="144">Username: </td>
<td><input name="username" type="text" class="textfield" id="username" /></td>
</tr>
<tr>
<td>Code: </td>
<td><input name="code" type="text" class="textfield" id="code" /></td>
</tr>
<tr>
<td>New Password: </td>
<td><input name="password" type="password" class="textfield" id="code" /></td>
</tr>
<tr>
<td>Confirm Password: </td>
<td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
</tr>
<tr>
<td><input type="submit" name="Submit" value="Reset" /></td>
</tr>
</table>
</form>
这是处理代码的reset-admin-password-exec.php文件:
<?
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//check for validation errors
if (isset ($_POST['username']) && !empty ($_POST['username'])) {
$username = clean($_POST['username']);
} else {
$errmsg_arr[] = 'username do not match';
$errflag = true;
}
if (isset ($_POST['code']) && !empty ($_POST['code'])) {
$code = clean($_POST['code']);
} else {
$errmsg_arr[] = 'code do not match';
$errflag = true;
}
if (isset ($_POST['password']) && !empty ($_POST['password'])) {
$password = clean($_POST['password']);
} else {
$errmsg_arr[] = 'first do not match';
$errflag = true;
}
if (isset ($_POST['cpassword']) && !empty ($_POST['cpassword'])) {
$cpassword = clean($_POST['cpassword']);
} else {
$errmsg_arr[] = 'second do not match';
$errflag = true;
}
//Check that both password match
if( strcmp($password, $cpassword) != 0 ) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
//encrypt the password
$salt1 = md5($username);
$salt2 = md5(DB_PASSWORD);
$password = sha1($salt1.$password.$salt2);
//if there are input validations redirect back to main page
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: reset-admin-password-form.php");
exit();
}
$qry = " UPDATE admins
SET password = '$password'
WHERE randkey = '$code'
AND username = '$username'";
$result = mysql_query($qry);
if($result) {
echo $result;
//header("location: reset-admin-password-success.php");
exit();
}else {
die(mysql_error());
}
?>
我的所有验证都有效,如果任何字段为空或密码不匹配,它将重定向。但是,如果code字段与表格中的randkey字段不匹配,则查询仍然有效。我已经尝试将randkeys作为字段来确保它失败,这样做。
当我回应$qry时,我得到了这个:UPDATE admins SET password = 'b978ac7c458d65ca31c02eb4e7dabd9aa6a8e235' WHERE randkey = 'CHLVQ6vfq' AND username = 'user.name'
任何人都可以帮我解决这个问题吗?
答案 0 :(得分:0)
您确定查询确实有效吗?它可能没有输出任何错误,但这并不意味着它实际上正在更新任何行。
利用mysql_affected_rows;此函数将告诉您是否实际更新了任何行(即WHERE子句是否匹配)
您应该将代码的最后一部分更改为:
$rows = mysql_affected_rows();
if( $rows == 1 ) {
header("location: reset-admin-password-success.php");
exit();
}
else {
if( $rows == 0 ) {
$_SESSION['ERRMSG_ARR'] = array('Your username and code do not match');
} else {
$_SESSION['ERRMSG_ARR'] = array('Unknown error');
}
session_write_close();
header("location: reset-admin-password-form.php");
exit();
}