所以我的网站有以下密码恢复脚本。
<?php
session_start();
include "init.php";
$pg_title = "Password Recovery";
$mysql_c = mysql_connect($config['mysql_host'], $config['mysql_user'], $config['mysql_pass']);
mysql_select_db($config['mysql_name'], $mysql_c);
if($_SESSION['auth'] && $_SESSION['auth']['ip_address'] == ip2long(get_real_ip()) && isset($_SESSION['auth']['sid']))
{
include ROOT . '/templates/' . $config['template_version'] . '/files/header.php';
echo "You are already logged in.";
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
}
else
{
if(!isset($_GET['k']))
{
if(!isset($_POST['submit']))
{
include ROOT . '/templates/' . $config['template_version'] . '/files/header.php';
include ROOT . '/templates/' . $config['template_version'] . '/files/form_password_recovery.php';
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
}
else
{
include ROOT . '/templates/' . $config['template_version'] . '/files/header.php';
$errors = array();
$email = trim($_POST['email_address']);
$code = trim($_POST['verification_code']);
if(!preg_match("/^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$/", $email))
{
$errors[] = "The entered email address is invalid. Please verify your entered email address.";
}
if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE email_address = '$email'")) != 1)
{
$errors[] = "The entered email address was not found in out member database.";
}
if($_SESSION['image_code'] != md5($code))
{
$errors[] = "The entered verification code is incorrect. Please verify the entered code.";
}
if(count($errors) > 0)
{
$error_report = $errors;
include ROOT . '/templates/' . $config['template_version'] . '/files/form_password_recovery.php';
}
else
{
$key = md5(uniqid(rand(), true));
//$xxx = mysql_fetch_array(mysql_query("SELECT * FROM users WHERE email_address = '$email'"));
mysql_query("UPDATE users SET recover_key = '$key' WHERE email_address = '$email'");
if (strtoupper(substr(PHP_OS,0,3)=='WIN')) {
$eol="\r\n";
} elseif (strtoupper(substr(PHP_OS,0,3)=='MAC')) {
$eol="\r";
} else {
$eol="\n";
}
$headers = 'From: ddd.com <support@ddfsd.com>'.$eol;
$headers .= 'Reply-To: ddd.com <support@fsdfs.com>'.$eol;
$headers .= 'Return-Path: ddd.com <support@Edfsdf.com>'.$eol;
mail($email, "ddddd Password Recovery", "The following IP address has requested a password recovery action: ".get_real_ip()."\n\nTo recover your password you must visit this link and enter your new password to the pages you will be presented to.\n\nhttp://www.fsdf.com/passwordrecovery,$key.html\n\nThank you very much!", $headers);
include ROOT . '/templates/' . $config['template_version'] . '/files/form_password_recovery_success.php';
}
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
}
}
else
{
$key = $_GET['k'];
if(mysql_num_rows(mysql_query("SELECT * FROM users WHERE recover_key = '$key'")) != 1)
{
include ROOT . '/templates/' . $config['template_version'] . '/files/header.php';
echo "The supplied verification code, <em>$key</em>, is invalid.";
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
exit();
}
if(!isset($_POST['submit']))
{
include ROOT . '/templates/' . $config['template_version'] . '/files/header.php';
include ROOT . '/templates/' . $config['template_version'] . '/files/form_password_recovery_change.php';
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
}
else
{
$errors = array();
$password = trim($_POST['password']);
$password_2 = trim($_POST['confirm_password']);
if(!preg_match("/^.{3,16}$/i", $password))
{
$errors[] = "The password entered is invalid. Enter a 3 to 16 character username.";
}
if($password != $password_2)
{
$errors[] = "The passwords entered did not match. Please verify your entered passwords.";
}
if(count($errors) > 0)
{
$error_report = $errors;
include ROOT . '/templates/' . $config['template_version'] . '/files/header.php';
include ROOT . '/templates/' . $config['template_version'] . '/files/form_password_recovery_change.php';
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
}
else
{
mysql_query("UPDATE users SET password = '".md5($password)."', recover_key = '' WHERE recover_key = '$key'");
include ROOT . '/templates/' . $config['template_version'] . '/files/header.php';
echo "Your password has been successfully reset.<br /><br />You may now go to the <a href='index.html'>home page</a> or <a href='signin.html'>signin.html</a>.";
include ROOT . '/templates/' . $config['template_version'] . '/files/footer.php';
}
}
}
}
&GT;
如果向下滚动到
mail($email, "ddddd Password Recovery", "The following IP address has requested a password recovery action: ".get_real_ip()."\n\nTo recover your password you must visit this link and enter your new password to the pages you will be presented to.\n\nhttp://www.fsdf.com/passwordrecovery,$key.html\n\nThank you very much!", $headers);
如何让它获取请求它的人的用户名。例如,我想密码恢复电子邮件说
亲爱的用户名,以下IP地址已请求密码恢复操作:“。get_real_ip()。”\ n \ n要恢复密码,您必须访问此链接并输入新密码到您将要呈现的页面。 \ n \ n \ nhttp://www.fsdf.com/passwordrecovery,$key.html \ n \ n非常感谢你!“,
我尝试添加$ username = $ _SESSION [“username”];并通过说亲爱的$ username来调用它以下的ip ....但这不起作用。
答案 0 :(得分:0)
只需使用此查询:
$result = mysql_query("SELECT username_field FROM users WHERE email_address = '$email'");
然后使用
检索它 $username = mysql_result($result,0,'username_field');
注意:将username_field替换为字段的真实姓名。