我有这个代码用于我忘记的密码表单,但它不起作用,任何人都能看到错误吗?它只是一个空白屏幕,什么都不做。我已经尝试了一切,但无法使其发挥作用。谢谢
<?php
$host="localhost"; // Host name
$username="admin"; // Mysql username
$password=""; // Mysql password
$db_name="members"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myemail=$_POST['myemail'];
$sql="SELECT * FROM $tbl_name WHERE email='$myemail'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$email = $_P0ST['email'];
function createRandomPassword() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
if($count==1){
$newpassword=createRandomPassword();
$encrypted_mypassword=md5($newpassword);
$sql="UPDATE members SET password= ('$encrypted_mypassword') WHERE email = ('$myemail')";
$run=mysqli_query($sql);
$to = "$myemail";
$subject = "Your Password";
$messages="Your password for accessing to our website \r\n";
$messages="Your password is $encrypted_mypassword \r\n";
$messages="Please change this password for security reasons. Thank you. \r\n";
$from = "info@.co.uk";
$headers = "From:" . $from;
mail($to,$subject,$messages,$headers);
echo "Mail Sent.";
答案 0 :(得分:1)
你可以试试吗$sql="UPDATE members SET password='$encrypted_mypassword' WHERE email = '$myemail' ";
$run=mysql_query($sql);。您使用mysqli_query就是原因。
$host="localhost"; // Host name
$username="admin"; // Mysql username
$password=""; // Mysql password
$db_name="members"; // Database name
$tbl_name="members"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// Define $myusername and $mypassword
$myemail=$_POST['myemail'];
$sql="SELECT * FROM $tbl_name WHERE email='$myemail'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$email = $_POST['email'];
function createRandomPassword() {
$chars = "abcdefghijkmnopqrstuvwxyz023456789";
srand((double)microtime()*1000000);
$i = 0;
$pass = '' ;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($chars, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
if($count>0){
$newpassword=createRandomPassword();
$encrypted_mypassword=md5($newpassword);
$sql="UPDATE members SET password='$encrypted_mypassword' WHERE email = '$myemail' ";
$run=mysql_query($sql);
$to = "$myemail";
$subject = "Your Password";
$messages="Your password for accessing to our website \r\n";
$messages="Your password is $encrypted_mypassword \r\n";
$messages="Please change this password for security reasons. Thank you. \r\n";
$from = "info@.co.uk";
$headers = "From:" . $from;
mail($to,$subject,$messages,$headers);
echo "Mail Sent.";
}
答案 1 :(得分:1)
它只是出现了一个空白屏幕并且什么都不做
由于脚本末尾有一个回显,但是得到一个空白的屏幕而没有消息,这很可能指向一个PHP错误(这将停止脚本以及为什么你得到一个空白页面)。
您需要访问错误日志文件,通常在/var/log/apache2/error.log中 无论如何,在开发PHP时,您应该定期访问此文件,以检查PHP警告和通知中的错误,错误和问题。
我怀疑这个错误只是一个错误的结果:
if($count==1){
您可以使用{打开它,但不要使用}关闭它
将}放在echo "Mail Sent.";之后,问题就会消失。只留下剩下的问题:
在脚本末尾回复“echo "Mail Sent.";”并不意味着电子邮件已发送。某处可能出现了问题,因此请检查电子邮件是否已发送,并在结果中回显相关声明。
如:
if (mail($to,$subject,$messages,$headers))
{
echo "Mail Sent.";
}
else
{
echo "Something went wrong";
}
你可以做得更好一点,但它给你的想法,因为只是回应“发送的电子邮件”是误导性的,你会相信即使出现故障,脚本也能正常工作。
您确实需要阅读有关用户输入验证和Mysql清理的信息。在使用数据库插入或选择或删除(任何)之前信任变量会引入非常真实的安全问题。
可在此处找到入门读物:
How can I prevent SQL injection in PHP?
md5()不再是加密密码的安全方法。请参阅此处了解主要原因以及当前最佳实践的想法,例如“crypt()”:
http://www.php.net/manual/en/faq.passwords.php#faq.passwords.fasthash
答案 2 :(得分:0)
除了您应该使用预准备语句,并且您应该使用安全的方式来存储密码[即不是md5],$_P0ST应为$_POST。
答案 3 :(得分:0)
这个大括号
if($count==1){
永远不会关闭。