忘记密码页面,电子邮件/用户名表单和新密码表单

时间:2013-03-31 23:56:52

标签: php mysql forgot-password

基本上,如果用户访问该页面,他们会获得一个用户名输入的表单。然后检查数据库,然后将生成的密钥添加到数据库中的行,并通过电子邮件将密钥链接发送给它们。该链接将它们带回到同一页面,但使用不同的形式要求更新其密码。

这就是我的问题所在。该脚本首先检查该密钥是否存在。即使它确实存在,我仍然得到呃哦钥匙不存在错误。我已经读完了几次,休息了但仍然无法得到它。希望有人能赶上这个问题!

问题的片段:

<?php
  if ($_GET['do'] == "password") {
    $forgetKeyEmail = mysql_real_escape_string($_GET['key']);

    if ($forgetKeyEmail !== "") {
      $keyQuery = mysql_query("SELECT * FROM users WHERE forgetKey = '$forgetKeyEmail' LIMIT 1");
      $keyCheck - mysql_num_rows($keyQuery);

      if ($keyCheck == 1) {
      ?>

        form goes here to update password

      <?php
        if ($_GET['do'] == "update") {
          $hasher = new PasswordHash(10, false);
          $resetPasswdord = $hasher->HashPassword(mysql_real_escape_string($_POST['inputPassword']));
          $resetPassword = $_POST['inputPassword'];

          if ($_POST['inputPassword'] !== "") {
            mysql_query("UPDATE users SET password = '$resetPassword' WHERE forgetKey = '$forgetKeyEmail'");
            echo "g";
          ?>
success message
          <?php
          }
          else {
          ?>
          empty field message
          <?php
          }
        }
      }
      else{
      ?>
incorrect key message (what I keep getting)
      <?php
      }
    }
  }

完整代码:

<?php
      if ($_GET['do'] == "password") {
        $forgetKeyEmail = mysql_real_escape_string($_GET['key']);

        if ($forgetKeyEmail !== "") {
          $keyQuery = mysql_query("SELECT * FROM users WHERE forgetKey = '$forgetKeyEmail' LIMIT 1");
          $keyCheck - mysql_num_rows($keyQuery);

          if ($keyCheck == 1) {
          ?>

            <form method="POST"class="form-horizontal" action="?do=update&key=<?php echo $forgetKeyEmail; ?>" >
              <div class="control-group">
                <label class="control-label" for="inputPassword">New Password</label>
                <div class="controls">
                  <input type="text" id="inputPassword" name="inputPassword" placeholder="Password">
                </div>
              </div>
              <div class="control-group">
                <div class="controls">
                  <button type="submit" class="btn btn-primary">Reset!</button>
                </div>
              </div>
            </form>

          <?php
            if ($_GET['do'] == "update") {
              $hasher = new PasswordHash(10, false);
              $resetPasswdord = $hasher->HashPassword(mysql_real_escape_string($_POST['inputPassword']));
              $resetPassword = $_POST['inputPassword'];

              if ($_POST['inputPassword'] !== "") {
                mysql_query("UPDATE users SET password = '$resetPassword' WHERE forgetKey = '$forgetKeyEmail'");
                echo "g";
              ?>
              <div class="alert alert-success" style="margin:0;">
                <strong>Woooo!</strong> Your password has been changed, you can now <a href="login.php">login.</a>
              </div>
              <?php
              }
              else {
              ?>
              <div class="alert alert-error" style="margin:0;">
                <strong>Woops!</strong> You need to fill out a password!
              </div>
              <?php
              }
            }
          }
          else{
          ?>
          <div class="alert alert-error" style="margin:0;">
            <strong>Uh oh!</strong> That key is incorrect.
          </div>
          <?php
          }
        }
      }

      elseif ($_GET['do'] == "reset") {
        $resetUsername = mysql_real_escape_string($_POST['inputUser']);
        if ($resetUsername !== "") {
          $checkQuery = mysql_query("SELECT * FROM users WHERE username = '$resetUsername' LIMIT 1");
          $checkExist = mysql_num_rows($checkQuery);
          $userData = mysql_fetch_array($checkQuery);
          $mailEmail = $userData['email'];

          if ($checkExist == 1) {
            $forgetKey = genRandomString() . genRandomString();
            mysql_query("UPDATE users SET forgetKey = '$forgetKey' WHERE username = '$resetUsername'");

            $message = "Hey there, ".$resetUsername." - We've received a request to reset your password. <br /><br /> Please click the following link to do so: <a href=\"http://localhost/vanilla/forgot.php?do=reset&key=".$forgetKey."\"";

            echo $forgetKey;
            mail($mailEmail, 'realvanil.la Password Reset', $message);
          ?>

            <div class="alert alert-info" style="margin:0;">
              An email has been sent to <strong><?php echo $userData['email']; ?></strong> with your reset information!
            </div>

          <?php
          }
          else {
          ?>

            <div class="alert alert-error">
              <strong>Uh oh!</strong> We can't seem to find an account with that username. Remember, it's your Minecraft username!
            </div>

            <form method="POST"class="form-horizontal" action="?do=reset" >
              <div class="control-group">
                <label class="control-label" for="inputUser">Username</label>
                <div class="controls">
                  <input type="text" id="inputUser" name="inputUser" placeholder="Username">
                </div>
              </div>
              <div class="control-group">
                <div class="controls">
                  <button type="submit" class="btn btn-primary">Send Email!</button>
                </div>
              </div>
            </form>

        <?php
        }
      }
      else {
      ?>

      <div class="alert alert-error">
        <strong>Uh oh!</strong> You need to tell us your username ;)
      </div>

      <form method="POST"class="form-horizontal" action="?do=reset" >
        <div class="control-group">
          <label class="control-label" for="inputUser">Username</label>
          <div class="controls">
            <input type="text" id="inputUser" name="inputUser" placeholder="Username">
          </div>
        </div>
        <div class="control-group">
          <div class="controls">
            <button type="submit" class="btn btn-primary">Send Email!</button>
          </div>
        </div>
      </form>   

      <?php
        }
    }
    else {
    ?>

  <form method="POST"class="form-horizontal" action="?do=reset" >
    <div class="control-group">
      <label class="control-label" for="inputUser">Username</label>
      <div class="controls">
        <input type="text" id="inputUser" name="inputUser" placeholder="Username">
      </div>
    </div>
    <div class="control-group">
      <div class="controls">
        <button type="submit" class="btn btn-primary">Send Email!</button>
      </div>
    </div>
  </form>

  <?php
  }
  ?>

1 个答案:

答案 0 :(得分:0)

您可能希望编辑脚本,以便它没有任何语法错误。

$keyCheck - mysql_num_rows($keyQuery);

更改为

$keyCheck = mysql_num_rows($keyQuery);