MySQL数据库没有更新

时间:2013-02-05 16:11:15

标签: php mysql passwords

(请忽略md5不是最安全的事实,mysql_ *函数已经过时等等 - 这不会在任何网站上发布!)

所以,我目前有一个系统,用户可以进入恢复密码页面并输入他们的电子邮件。它向他们发送一封电子邮件,其中包含恢复密码的链接。此链接如下:

http://www.example.com/recover_password.php?username=(USERNAME HERE)& recover_password =(CODE HERE)。

代码在注册时随机生成,并在数据库中正确存储。但是,我在尝试使它们从上面的链接更改它时遇到问题。这是recover_password.php页面:

<?php
include 'core/init.php';

$username = (isset($_GET['username']));
$password_recovery = (isset($_GET['password_recovery']));

if (isset($_GET['success']) && empty($_GET['success'])) {
    echo 'Your password has been changed. You may now proceed to log in.';
    die();
} else {

if (password_recovery_exists($password_recovery) === true && (user_exists($username) === true)) {
    if (empty($_POST) === false) {
        $required_fields = array('password', 'password_again');
        foreach($_POST as $key=>$value) {
            if (empty($value) && in_array($key, $required_fields) === true) {
                $errors[] = 'You missed a field!';
                break 1;
            }
        }
            if (trim($_POST['password']) !== trim($_POST['password_again'])) {
                $errors[] = 'Your new passwords do not match';
            } else if (strlen($_POST['password']) < 6) {
                $errors[] = 'Your password must be at least 6 characters long.';
            }
        }
        if (empty($_POST) === false && empty($errors) === true) {
            password_recovery($username, $_POST['password']);
            header('Location: recover_password.php?success');
        }   else {
                echo output_errors($errors);
        }
    }
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>Liste - Login</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<form action="" method="post">          
        <label for="password"><b><center>New Password:</label><br >
        <input type="password" name="password" size="30"><br />

        <label for="password_again"><b><center>Re-enter New Password:</label><br >
        <input type="password" name="password_again" size="30"><br />

        <input type="submit" value="Change Password"><br /><br />
</form>
</center>
</body>
</html>

<?php
}
?>

首先,主要问题是,当他们点击“更改密码”时,不显示任何错误消息,但密码未在数据库中更新,导致我认为password_recovery函数存在问题:< / p> 

function password_recovery($username, $password) {
    $username = sanitize($username);
    $password = md5($password);

    mysql_query("UPDATE `users` SET `password` = '$password' WHERE `username` = '$username'");

我不确定该功能是否存在问题,或者变量是否实际发送或者是什么,所以请帮助我们:)

我还想知道检查'username'和'password_recovery'(来自链接)来自数据库中同一行的语法是什么?

我理解这段代码是一团糟,过时等等,但非常感谢帮助:)

谢谢你们!

2 个答案:

答案 0 :(得分:0)

这应该有效:

<?php
include 'core/init.php';

function password_recovery($username, $password) {
    $username = mysql_real_escape_string(sanitize($username));
    $password = md5($password);

    mysql_query("UPDATE `users` SET `password` = '" . $password . "' WHERE `username` = '" . $username . "'");
}

$username = (isset($_SESSION['username']) ? $_SESSION['username'] : false);
$password_recovery = (isset($_POST['password_recovery']) ? $_POST['password_recovery'] : false);

if (isset($_GET['success']) && empty($_GET['success'])) {
    echo 'Your password has been changed. You may now proceed to log in.';
    die();
} else {

    if (password_recovery_exists($password_recovery) === true && (user_exists($username) === true)) {
        if (empty($_POST) === false) {
            $required_fields = array('password', 'password_again');
            foreach ($_POST as $key => $value) {
                if (empty($value) && in_array($key, $required_fields) === true) {
                    $errors[] = 'You missed a field!';
                    break 1;
                }
            }
            if (trim($_POST['password']) !== trim($_POST['password_again'])) {
                $errors[] = 'Your new passwords do not match';
            } else if (strlen($_POST['password']) < 6) {
                $errors[] = 'Your password must be at least 6 characters long.';
            }
        }
        if (empty($_POST) === false && empty($errors) === true) {
            password_recovery($username, $_POST['password']);
            header('Location: recover_password.php?success');
        } else {
            echo output_errors($errors);
        }
    } else {
        die("User not found");
    }
}
?>
<html>
    <head>
        <meta http-equiv="content-type" content="text/html;charset=utf-8">
        <title>Liste - Login</title>
        <link rel="stylesheet" type="text/css" href="css/style.css">
    </head>
    <body>
        <form action="" method="post">          
            <label for="password"><b><center>New Password:</label><br >
                        <input type="password" name="password" size="30"><br />

                        <label for="password_again"><b><center>Re-enter New Password:</label><br >
                                    <input type="password" name="password_again" size="30"><br />

                                    <input type="submit" value="Change Password"><br /><br />
                                    </form>
                                </center>
                                </body>
                                </html>

答案 1 :(得分:-1)

尝试类似的东西:

mysql_query("UPDATE `users` SET `password` = '".$password."' WHERE `username` = '".$username."'");
相关问题
最新问题