重置新密码后,令牌变空

时间:2014-06-25 05:40:03

标签: php mysql token

我正在尝试编写用于重置密码的脚本,我已将令牌放入数据库,并检查令牌是否存在于数据库中,以及我将要重置数据库的部分。但由于某种原因,它正在更新没有令牌的数据库。我不知道为什么......我对编码很新,希望我的代码不太难以阅读并且有太多缺陷。

 <?php

    ini_set('display_errors', 1); error_reporting(E_ALL);
    session_start();
    include 'connect.php';


    $token = isset($_GET['token'])?$_GET['token']:"";


        echo"$token";


    $check=mysqli_query($con,"SELECT email FROM Test WHERE reset = '$token'")or die( mysqli_error($con));
     while($row = mysqli_fetch_array($check)){

            $email = $row['email'];

             }
    if (mysqli_num_rows($check)==0)
          echo ("Token Doesnt exist");

        elseif($_POST) {






     //get form data



     $password1 = mysqli_real_escape_string($con,$_POST['password1']);
      $password = mysqli_real_escape_string($con,$_POST['password']);

     if (!$password){
        echo "Please fill out all fields"; 
     }
     else if ($password1 !== $password)
     {
         echo "Password don't match";

     }
     else 
     {
         echo"$email";
         echo"token";
        //encrypt password
        $password = md5($password);

        //check if username already taken
        mysqli_query($con,"UPDATE Test SET password = '$password'
                    where email = '$email';") or die(mysqli_error($con));



               //register into database


    echo "Added";


           }
        }





    else
    {

    ?>

    <form action='ResetPassword.php' method='POST'>
    Your new password:<br />
    <input type='password' name='password1'><p />


    Re-enter your new password:<br />
    <input type='password' name='password'><p />

    <input type='submit' name='Change Password' value='Change Password'>
    </form>

    <?php

    }

    ?>

1 个答案:

答案 0 :(得分:0)

<?php
    ini_set('display_errors', 1); error_reporting(E_ALL);
    session_start();
    include 'connect.php';
    $token = isset($_GET['token']) ? $_GET['token'] : "";
    if(!empty($token)) {
        $check=mysqli_query($con,"SELECT email FROM Test WHERE reset = '$token'")or die( mysqli_error($con));
        if (mysqli_num_rows($check)> 0) {
          $row = mysqli_fetch_array($check)
          $email = $row['email'];
        }
        else {
          echo 'Email not found with this Token';
        }
    }
    else {
      echo 'Token does not exist';
    }
    if(!empty($email) && isset($_POST['changepass'])) {
      $password1 = mysqli_real_escape_string($con,$_POST['password1']);
      $password = mysqli_real_escape_string($con,$_POST['password']);
      if (!$password){
        echo "Please fill out all fields"; 
      }
      else if ($password1 !== $password) {
         echo "Password don't match";
      }
      else {
        //encrypt password
        $password = md5($password);
        //check if username already taken
        mysqli_query($con,"UPDATE Test SET password = '$password' where email = '$email'") or die(mysqli_error($con));
        echo "Added";
     }
   }
   if(!isset($_POST['changepass'])){?>
    <form action='ResetPassword.php' method='POST'>
    Your new password:<br />
    <input type='password' name='password1'><p />
    Re-enter your new password:<br />
    <input type='password' name='password'><p />
    <input type='hidden' name='token' value='<?php if(isset($_GET['token'])) echo $_GET['token'];?>'>
    <input type='submit' name='changepass' value='Change Password'>
    </form>
    <?php }