您好我正在尝试忘记密码脚本并成功完成但我遇到了一个问题。在forgot.php当用户输入电子邮件时,脚本会检查数据库中的电子邮件是否匹配,然后它会将激活码保存在数据库中,并将激活码发送到他的电子邮件地址。
收到电子邮件后点击该链接,他将在resetpass.php重置密码表格,首先检查激活码是否与数据库中的代码匹配,如果是,那么用户将输入他的新密码,它会重置他的密码,但问题是密码没有改变谁输入了他的电子邮件它改变了其他人的密码:D。我不知道这个剧本中出了什么问题
Forgot.php
<?php
error_reporting(0);
if($_POST['submit']=='Send')
{
//keep it inside
$email=$_POST['email'];
$code = $_GET['activation_code'];
$con=mysqli_connect("Localhost","root","123","user");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"select * from login where user_email='$email'")
or die(mysqli_error($con));
if (mysqli_num_rows ($query)==1)
{
$code=rand(100,999);
$message="You activation link is: http://bing.fun2pk.com/resetpass.php?email=$email&code=$code";
mail($email, "ZatWing", $message);
echo 'Email sent';
$query2 = mysqli_query($con,"update login set activation_code='$code' where user_email='$email' ")
or die(mysqli_error($con));
}
else
{
echo 'No user exist with this email id';
}}
?>
<form action="forgot.php" method="post">
Enter you email ID: <input type="text" name="email">
<input type="submit" name="submit" value="Send">
</form>
resetpass.php
<?php
if(isset($_GET['code'])) {
$acode = $_GET['code'];}
echo $acode;
if(isset($_POST['pass'])){
$pass = $_POST['pass'];
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con));
if (mysqli_num_rows ($query)==1)
{
$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con));
echo 'Password Changed';
}
else
{
echo 'Wrong CODE';
}}
?>
<form action="resetpass.php" method="POST">
<p>New Password:</p><input type="password" name="pass" />
<input type="submit" name="submit" value="Signup!" />
</form>
答案 0 :(得分:2)
我在resetpass.php
您首先必须使用$_GET['code']来获取激活码并存储在
这里是修改后的代码,应该可以使用。
<?php
if(isset($_POST['pass'])){
$pass = $_POST['pass'];
$acode=$_POST['code'];
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con));
if (mysqli_num_rows ($query)==1)
{
$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con));
echo 'Password Changed';
}
else
{
echo 'Wrong CODE';
}
}
?>
<form action="resetpass.php" method="POST">
<p>New Password:</p><input type="password" name="pass" />
<input type="submit" name="submit" value="Signup!" />
<input type="hidden" name="code" value="<?php echo $_GET['code'];?>" />
</form>
答案 1 :(得分:0)
您需要将操作从resetpass.php更改为resetpass.php?code=<?php echo $_GET['code'];?>
否则,您提交表单时代码会丢失。
例如:(不是无bug!)
<?php
if(isset($_GET['code'])) $acode = $_GET['code'];
else die("No code!");
$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
$acode = mysqli_real_escape_string($con, $acode);
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con));
if(mysqli_num_rows($query) == 0) {
echo "Wrong code";
die();
} elseif (mysqli_num_rows ($query)==1 && isset($_POST['pass'])) {
$pass = mysqli_real_escape_string($con, $_POST['pass']);
$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con));
echo 'Password Changed';
}
}
?>
<form action="resetpass.php?code=<?php echo $_GET['code'];?>" method="POST">
<p>New Password:</p><input type="password" name="pass" />
<input type="submit" name="submit" value="Signup!" />
</form>
但想想一些事情:
答案 2 :(得分:0)
replace