即使满足条件,也会执行其他语句

时间:2013-10-28 13:47:38

标签: php

当提交按钮被命中时,这是2个表单和2个操作。第一个表单询问帐户名称并检查验证码是否正常。如果两者都很好,它会让用户进入下一个表格,询问他2个问题,以便他可以检索他的密码。代码执行正常,但我遇到了问题。当一切正常时:帐户存在,验证码很好,两个问题都没问题,当用户点击第二个表单的提交按钮时,第一个操作的else语句再次执行但表格连续正常,并且他收到了他的密码。任何帮助都会受到关注:)

if ('POST' === $_SERVER['REQUEST_METHOD']){
if($_POST['lostpassword']=='account' AND ($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"]) {

connectdb($CONFIG['dbdbname'], $CONFIG['dbaddress'], $CONFIG['dbuser'], $CONFIG['dbpass']);

$postusername = $_POST['account'];
$postusername = antiinjection($postusername);

$result = mssql_query (sprintf(SELECT_USER_FULLINFO, $postusername));
$rows=mssql_num_rows($result);

if($rows>0) {
    $rows=mssql_fetch_assoc($result); 
    extract($rows);
    $error = 2;
} else {
    echo "Account doesn't exist.<br>";
    $error = 1;
}       
}
else { 
       echo '<script language="JavaScript">
             alert("Wrong Verification code. Please try again.");
             </script>';
     }
}

表格:

<form name='lostpassword' action='index.php?page=lostpassword' method='post'     onsubmit='return checkform1()' autocomplete='off'>
    <table CELLSPACING=0 BORDER=0 CELLPADDING=0 align=CENTER>
        <tr>
            <td width=200>
                Account
            </td>
            <td>
                <div align=right>
                    <input type=text maxlength=14 name=account>
                </div>
            </td>
        </tr>
        <tr>
            <td valign=middle>
                Verification Image  <img src=\"captcha.php\">
            </td>
            <td>
                <div align=right>
                    <input type=text maxlength=4 name=captcha>
                </div>
            </td>
        </tr>

    </table>
    <div align=center>
        <BR>
        <input type=hidden name=lostpassword value='account'>
        <input type=submit name=Login value='   Submit   '>
    </div>
</form>

Nexti行动:

if($_POST['lostpassword']=='email' ) {

$error = 3;
$postusername = $_POST['account'];
$postanswer1 = $_POST['answer1'];
$postanswer2 = $_POST['answer2'];
$postusername = antiinjection($postusername);
$postanswer1 = antiinjection($postanswer1);
$postanswer2 = antiinjection($postanswer2);

connectdb($CONFIG['dbdbname'], $CONFIG['dbaddress'], $CONFIG['dbuser'], $CONFIG['dbpass']);

$result = mssql_query (sprintf(SELECT_USER_FULLINFO, $postusername));
$rows=mssql_num_rows($result);

if($rows>0) {
    $rows=mssql_fetch_assoc($result); 
    extract($rows);

    $postanswer1 = encrypt($postanswer1);
    $postanswer2 = encrypt($postanswer2);
    $answer1 = '0x' . substr(bin2hex($answer1), 0, 32);
    $answer2 = '0x' . substr(bin2hex($answer2), 0, 32);

    if($answer1!=$postanswer1) {
        echo "Answer to security question #1 is incorrect.<br>";
        $error = 2;
    }
    if($answer2!=$postanswer2) {
        echo "Answer to security question #2 is incorrect.<br>";
        $error = 2;
    }
} else {
    echo "Account doesn't exist.<br>";
    $error = 1;
}

}

此行动的表格:

<form name='lostpassword' action='index.php?page=lostpassword' method='post'      onsubmit='return checkform2()' autocomplete='off'>
<table CELLSPACING=0 BORDER=0 CELLPADDING=0 align=CENTER>
<tr>
    <td  width=200>
        Security Question #1
    </td>
    <td>
        <div align=right>
            {$quiz1}
        </div>
    </td>
</tr>
<tr>
    <td>
        Security Answer #1
    </td>
    <td>
        <div align=right>
            <input type=text maxlength=32 name=answer1>
        </div>
    </td>
</tr>
<tr>
    <td>
        Security Question #2
    </td>
    <td>
        <div align=right>
            {$quiz2}
        </div>
    </td>
</tr>
<tr>
    <td>
        Security Answer #2
    </td>
    <td>
        <div align=right>
            <input type=text maxlength=32 name=answer2>
        </div>
    </td>
</tr>
</table>
<div align=center>
    <BR>
    <input type=hidden name=lostpassword value='email'>
    <input type=hidden name=account value='{$postusername}'>
    <input type=submit name=Login value='   Submit   '>
</div>
</form>

电子邮件代码:

if($error==3) {

$newpassword = mt_rand(1000000,9999999);
$newpassword = md5($newpassword);
$newpassword = substr($newpassword, 0, 15);
$encnewpassword = encrypt($newpassword);
echo '<br>';

mssql_query(sprintf(UPDATE_PASSWORD, $encnewpassword, $account));

if($CONFIG['email']==0) {
    echo "<strong>Your password has been reseted to...</strong><br>{$newpassword}<br><br>";
} elseif($CONFIG['email']==1) {
    sendemail($CONFIG['emailsmtp'], $CONFIG['emailuser'], $CONFIG['emailpass'], $CONFIG['emailaddress'], $CONFIG['servername'], "Lost Password", $email, $account, $newpassword, $ssn, "<strong>Your password has been reseted and sent to your email.</strong>");
}

}

2 个答案:

答案 0 :(得分:0)

当然,执行第一个条件的其他语句,因为如果是,则else语句验证first的否定:

if ('POST' === $_SERVER['REQUEST_METHOD']){

}
else {

}

当用户提交第二个表格时,明显输入第一个条件。

您可以通过以下方式解决此问题,例如在提交输入按钮中添加其他名称值,如:

<input type='submit' name='LoginAct1' value='Submit' />
<input type='submit' name='LoginAct2' value='Submit' />

然后您将验证发送的表单数据。

if ('POST' === $_SERVER['REQUEST_METHOD'] && isset($_POST['LoginAct1']) ){
     //blah blah
}

if ('POST' === $_SERVER['REQUEST_METHOD'] && isset($_POST['LoginAct2']) ){
     //blah blah
}

答案 1 :(得分:0)

您需要按如下方式编写第一个操作的“if condition”:

if ('POST' === $_SERVER['REQUEST_METHOD'] && $_POST['lostpassword']=='account'){
    //rest of the code
}

然后你的代码将正常工作。

相关问题
最新问题