我正在尝试编写一个用于重置密码的脚本。我已将令牌存入数据库,并写好了检查令牌是否存在于数据库中的部分,以及执行重置的部分。但由于某种原因,即使没有令牌,它也会更新数据库。我不知道为什么……我刚开始学习编程,希望我的代码不会太难读,也不会有太多缺陷。
<?php
// Password-reset page: looks up the account whose `reset` column equals the
// token from the query string and, on POST, stores a new password for it.
//
// Development-only diagnostics: with display_errors on, PHP errors (and the
// mysqli_error() text passed to die() below) are printed into the page.
ini_set('display_errors', 1); error_reporting(E_ALL);
session_start();
include 'connect.php';
// The token is read from the query string only and falls back to "".
// The form at the bottom posts to 'ResetPassword.php' with no query string, so
// on the POST request $_GET['token'] is not set and $token is "".
$token = isset($_GET['token'])?$_GET['token']:"";
// NOTE(review): the token is printed without HTML-escaping, so markup in the
// URL is reflected into the page; wrap it in htmlspecialchars() or drop this
// debug output.
echo"$token";
// NOTE(review): $token goes straight into the SQL text (SQL injection); a
// prepared statement with a bound parameter avoids that.
// With $token === "" this selects every row whose reset column is an empty
// string - presumably the accounts with no pending reset (confirm against the
// schema) - which is the likely reason a password is updated "without a token".
$check=mysqli_query($con,"SELECT email FROM Test WHERE reset = '$token'")or die( mysqli_error($con));
// Each iteration overwrites $email, so it ends up holding the last matching row.
while($row = mysqli_fetch_array($check)){
$email = $row['email'];
}
// Only "no row matched" is rejected here; an empty token is not rejected on its
// own, so it passes whenever the query above returned at least one row.
if (mysqli_num_rows($check)==0)
echo ("Token Doesnt exist");
elseif($_POST) {
// Read the two password fields from the submitted form.
// NOTE(review): escaping a password before comparing and hashing it changes the
// value that gets hashed whenever it contains characters the function escapes;
// only the hash is written to SQL, so the raw values should be used here.
$password1 = mysqli_real_escape_string($con,$_POST['password1']);
$password = mysqli_real_escape_string($con,$_POST['password']);
if (!$password){
echo "Please fill out all fields";
}
else if ($password1 !== $password)
{
echo "Password don't match";
}
else
{
// Debug output: the e-mail found above, then the literal text "token"
// (not the $token variable).
echo"$email";
echo"token";
// NOTE(review): md5() is a fast, unsalted hash, not encryption, and is not
// suitable for stored passwords; use password_hash() here and
// password_verify() in the login check.
$password = md5($password);
// Store the new hash for the account found above. $email is interpolated into
// the SQL text, and the reset token is left in place, so the same link keeps
// working until something else changes the reset column.
mysqli_query($con,"UPDATE Test SET password = '$password'
where email = '$email';") or die(mysqli_error($con));
// Confirmation shown after the update.
echo "Added";
}
}
else
{
?>
<form action='ResetPassword.php' method='POST'>
Your new password:<br />
<input type='password' name='password1'><p />
Re-enter your new password:<br />
<input type='password' name='password'><p />
<input type='submit' name='Change Password' value='Change Password'>
</form>
<?php
}
?>
答案 0 :(得分:0)
试试下面的代码:
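<?php
// Password-reset page.
//   GET  ?token=...  -> validates the token and shows the new-password form.
//   POST (form)      -> validates the token again, then stores the new password.
//
// Development-only diagnostics: showing errors in the browser exposes paths and
// query details, so switch display_errors off (and log instead) in production.
ini_set('display_errors', 1); error_reporting(E_ALL);
session_start();
include 'connect.php';

// Log the database error server-side and show the visitor a generic message,
// instead of printing mysqli_error() into the page.
$fail = function () use ($con) {
    error_log('ResetPassword: ' . mysqli_error($con));
    exit('Something went wrong. Please try again later.');
};

// The reset link carries the token in the query string; the form below sends it
// back as a hidden POST field because its action URL has no query string.
// Reading only $_GET would lose the token on submit.
if (isset($_POST['token'])) {
    $token = $_POST['token'];
} elseif (isset($_GET['token'])) {
    $token = $_GET['token'];
} else {
    $token = '';
}
// Reject array input such as token[]=x; only a plain string is a valid token.
if (!is_string($token)) {
    $token = '';
}

$email = null;  // set only when the token matches an account
$done = false;  // true once the password has been changed

if ($token !== '') {
    // Bound parameter: the token is user-controlled and must never be
    // interpolated into the SQL text.
    $stmt = mysqli_prepare($con, 'SELECT email FROM Test WHERE reset = ?');
    if ($stmt === false) {
        $fail();
    }
    mysqli_stmt_bind_param($stmt, 's', $token);
    if (!mysqli_stmt_execute($stmt)) {
        $fail();
    }
    mysqli_stmt_bind_result($stmt, $foundEmail);
    if (mysqli_stmt_fetch($stmt) === true) {
        $email = $foundEmail;
    } else {
        echo 'Email not found with this Token';
    }
    mysqli_stmt_close($stmt);
} else {
    // An empty token is rejected before any query runs, so rows whose reset
    // column is empty can never be matched.
    echo 'Token does not exist';
}

if ($email !== null && isset($_POST['changepass'])) {
    // Use the raw submitted values: escaping a password before hashing it
    // changes what gets hashed, and nothing but the hash reaches the database.
    $password1 = (isset($_POST['password1']) && is_string($_POST['password1'])) ? $_POST['password1'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    if ($password1 === '' || $password === '') {
        echo "Please fill out all fields";
    } elseif ($password1 !== $password) {
        echo "Password don't match";
    } else {
        // password_hash() produces a salted, slow hash; md5() is neither.
        // The login check must use password_verify(), and the password column
        // must be wide enough for the result (PHP's manual suggests 255 chars).
        $hash = password_hash($password, PASSWORD_DEFAULT);

        // Match on the token as well as the e-mail and blank the token in the
        // same statement, so a reset link works exactly once.
        // NOTE(review): use reset = NULL instead if the column is nullable.
        $stmt = mysqli_prepare(
            $con,
            "UPDATE Test SET password = ?, reset = '' WHERE email = ? AND reset = ?"
        );
        if ($stmt === false) {
            $fail();
        }
        mysqli_stmt_bind_param($stmt, 'sss', $hash, $email, $token);
        if (!mysqli_stmt_execute($stmt)) {
            $fail();
        }
        mysqli_stmt_close($stmt);

        $done = true;
        echo "Added";
    }
}

// Show the form only for a valid token, and again after a validation error.
if ($email !== null && !$done) { ?>
<form action='ResetPassword.php' method='POST'>
Your new password:<br />
<input type='password' name='password1'><p />
Re-enter your new password:<br />
<input type='password' name='password'><p />
<input type='hidden' name='token' value='<?php echo htmlspecialchars($token, ENT_QUOTES, 'UTF-8'); ?>'>
<input type='submit' name='changepass' value='Change Password'>
</form>
<?php }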