所以我正在处理这个密码重置表单。用户点击发送到他们的电子邮件的链接,然后他们被带到网页输入新密码。当他们提交表单时,将3个变量(密码,密钥和电子邮件)传递给我的函数文件以更新用户的密码。密码本身正在发布,但电子邮件和密钥不是。我做了一个vardump来查看实际发送的内容,它只是在表单上的email / key值中显示代码。我不确定我做错了什么。
修改 所以我发现电子邮件/密钥没有传递给updateUserPassword()函数。我在下面发布了新的正确表单代码。 已解决
<?php session_start();
include("include/DB_Connect.php");
include("include/DB_Functions.php"); // Connect to database server(localhost) with username and password.
mysql_select_db("android_api") or die(mysql_error()); // Select registration database.
$show = 'emailForm'; //which form step to show by default
if (isset($_POST['subStep']) && !isset($_GET['a']))
{
switch($_POST['subStep'])
{
case 1:
//we are submitting a new password (only for encrypted)
if ($_POST['email'] == '' || $_POST['key'] == '') header("location: forgotpw.php");
if (strcmp($_POST['password'],$_POST['pw1']) != 0 || trim($_POST['password']) == '')
{
$error = true;
$show = 'recoverForm';
} else {
$error = false;
$show = 'recoverSuccess';
updateUserPassword($_POST['email'],$_POST['password'],$_POST['key']);
var_dump($_POST['email'],$_POST['password'],$_POST['key']);
}
break;
}
} elseif (isset($_GET['a']) && $_GET['a'] == 'recover' && $_GET['email'] != "") {
$show = 'invalidKey';
$result = checkEmailKey(urldecode(base64_decode($_GET['email'])),$_GET['key']);
if ($result == false)
{
$error = true;
$show = 'invalidKey';
} elseif ($result['status'] == true) {
$error = false;
$show = 'recoverForm';
$securityUser = $result['email'];
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Password Recovery</title>
<link href="assets/css/styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="header"></div>
<div id="page">
<?php switch($show) {
case 'recoverForm': ?>
<h2>Password Recovery</h2>
<p>Welcome back, <?php echo getUserName($securityUser=='' ? $_GET['email'] : $securityUser); ?>.</p>
<p>In the fields below, enter your new password.</p>
<?php if ($error == true) { ?><span class="error">The new passwords must match and must not be empty.</span><?php } ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div class="fieldGroup"><label for="password">New Password</label><div class="field"><input type="password" class="input" name="password" id="password" value="" maxlength="20"></div></div>
<div class="fieldGroup"><label for="pw1">Confirm Password</label><div class="field"><input type="password" class="input" name="pw1" id="pw1" value="" maxlength="20"></div></div>
<input type="hidden" name="subStep" value="1" />
<input type="hidden" name="email" value="<?php echo $securityUser=='' ? $_POST['email'] : $securityUser; ?>" />
<input type="hidden" name="key" value="<?php echo $_GET['key']=='' ? $_POST['key'] : $_GET['key']; ?>" />
<div class="fieldGroup"><input type="submit" value="Submit" style="margin-left: 150px;" /></div>
<div class="clear"></div>
</form>
<?php break; case 'invalidKey': ?>
<h2>Invalid Key</h2>
<p>The key that you entered was invalid. Either you did not copy the entire key from the email, you are trying to use the key after it has expired (3 days after request), or you have already used the key in which case it is deactivated.<br /><br /><a href="login.php">Return</a> to the login page. </p>
<?php break; case 'recoverSuccess': ?>
<h2>Password Reset</h2>
<p>Congratulations! your password has been reset successfully.</p><br /><br /><a href="login.php">Return</a> to the login page. </p>
<?php break; }
ob_flush();
$mySQL->close();
?>
</div>
</body>
</html>
这是我的功能代码:
function updateUserPassword($email,$password,$key)
{
global $mySQL;
if (checkEmailKey($email,$key) === false) return false;
if ($SQL = $mySQL->prepare("UPDATE `users` SET `encrypted_password` = ? WHERE `email` = ?"))
{
$password = md5(trim($password) . PW_SALT);
$SQL->bind_param('ss',$email,$password);
$SQL->execute();
$SQL->close();
$SQL = $mySQL->prepare("DELETE FROM `recoveryemails_enc` WHERE `Key` = ?");
$SQL->bind_param('s',$key);
$SQL->execute();
}
}