恢复密码

时间:2014-07-19 08:45:45

标签: php pdo

我正在尝试为用户添加恢复密码的功能,方法是向他们发送一封电子邮件,其中包含指向可以更改密码的页面的链接。我在数据库中添加了一个名为recover的新表,其中包含字段id,user_id,key和created,当他们向帐户输入要从中恢复密码的电子邮件时,我在recover表中添加了一行。然后,我会向输入的电子邮件发送一封电子邮件,其中包含指向应输入新密码的页面的链接。

我的问题是,即使密码被更改,为什么不会删除recover表中的行?

这是我的代码:

recover.php:

<?php
require_once 'core/init.php';

$user = new User();
if ($user->isLoggedIn()) {
    Redirect::to('index.php');
}

if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
?>
    <!-- Create your message -->
    <p>We've emailed you</p>
<?php
} else if (isset($_GET['key']) === true && empty($_GET['key']) === false) {

    $key = $_GET['key'];
    $userInfo = $user->get_user_by_key($key);

    if (!$userInfo) {
        echo 'user not found';
        //prompt to resend link
    } else {
        //display change password form
        //session_start();
        $_SESSION['user_id'] = $userInfo['user_id'];
        $_SESSION['key'] = $key;
?>
        <div class="page-content">

            <form action="" method="post">
                <h1>Change password</h1>
                <div class="inset">
                <?php
                if (Input::exists()) {
                    if (Token::check(Input::get('token'))) {

                        $validate = new Validate();
                        $validation = $validate->check($_POST, array(
                            'password' => array(
                                'alias' => 'Password',
                                'required' => true,
                                'min' => 6
                            ),
                            'password_again' => array(
                                'alias' => 'Password confirmation', // <--- using the alias
                                'required' => true,
                                'min' => 6,
                                'matches' => 'password'
                            )
                        ));

                        if ($validation->passed()) {

                            $salt = Hash::salt(100);

                            session_start();
                            if(isset($_POST['password'], 
                                     $_POST['password_again'], 
                                     $_SESSION['user_id'], 
                                     $_SESSION['key'])){

                                if ($_POST['password'] === $_POST['password_again']) {
                                    //password should be hashed
                                    $password = Hash::make(Input::get('password'), $salt);
                                    $success = $user->update_user_password($password, $salt, $_SESSION['user_id']);

                                    if ($success) {
                                        $user->delete_key($_SESSION['key']);
                                    } else {
                                        //failed to update password
                                    }
                                } else {
                                    echo 'Password not matching';
                                }
                            }

                            Session::flash('home', 'Your password has been changed');
                            Redirect::to('index.php');


                        } else {
                            foreach ($validation->errors() as $error) {
                                echo '<i class="fa fa-exclamation-triangle"></i>&nbsp;&nbsp;', $error, '<br>';
                                echo '<br />';
                            }
                        }
                    }
                }
                ?>

                <p>
                    <label for="password">PASSWORD</label>
                    <input type="password" name="password" id="password" required>
                </p>
                <p>
                    <label for="password_again">CONFIRM PASSWORD</label>
                    <input type="password" name="password_again" id="password_again" required>
                </p>
                </div>

                <input type="hidden" name="token" value="<?php echo Token::generate(); ?>">
                <p class="p-container">
                    <input type="submit" name="go" id="go" value="Change password">
                </p>

            </form>
        </div>
<?php   
    }

} else {

    $mode_allowed = array('username', 'password');

    if (isset($_GET['mode']) === true && in_array($_GET['mode'], $mode_allowed) === true) {
        if (isset($_POST['email']) === true && empty($_POST['email']) === false) {
            $email = Input::get('email');
            $result = $user->emailExists($email);

            if (!$result) {
                //Your custom error saying that that email does not exist
                echo 'That email does not exist';
            } else {
                $user->recover($_GET['mode'], $email);
                Redirect::to('recover.php?success');
            }
        }
    ?>
        <form action="" method="post">
            <ul>
                <li>
                    Please enter your email address:<br>
                    <input type="text" name="email" placeholder="Enter Email">
                </li>
                <li><input type="submit" class="sub-btn tx-shadow" value="Recover"></li>
            </ul>
        </form>

    <?php
    } else {
        Redirect::to('index.php');
    }
}

User.php中的类:

    public function emailExists($email){
    $sql = "SELECT *
            FROM `users`
            WHERE `email` = ?
    ";
    $data =  $this->_db->query_single($sql, array($email));
    return $data;
}
public function recover($mode, $email) {

    //Get data of user
    $user_data = $this->getUserByEmail($email);
    // Email User

    if ($mode == 'username') {
        $this->sendActivation($email, 'Your Username', 'Hello'.$user_data['username']. '\n\nYour username is: '.$user_data['username'].'\n\nThank you\nBusarna');
    } else if ($mode == 'password') {
        $key = substr(sha1(rand(999, 999999)), 0, 10);
        //update password
        $this->_db->insert('recover', array(
            'user_id' => $user_data['id'],
            'key' => $key,
            'created' => date('Y-m-d H:i:s')
        ));
        //email user password link
        $this->sendActivation($email, 'Your Password', 'Hello'.$user_data['username']. '\n\nClick <a href="localhost/website/recover.php?key='.$key.'">here</a> to change your password\n\nThank you\nBusarna');
    }
}

public function getUserByEmail($email) {
    $sql = "SELECT *
            FROM `users`
            WHERE `email` = ?
            ";

    $result = $this->_db->query_single($sql, array($email));

    return $result;
}

public function get_user_by_key($key) {
    $sql = "SELECT *
            FROM `recover`
            WHERE `key` = ?
            ";

    $result = $this->_db->query_single($sql, array($key));

    return $result;
}

public function delete_key($key) {
    $sql = "DELETE
            FROM `recover`
            WHERE `key` = ?
            ";
    //replace with your delete function
    $result = $this->_db->query_single($sql, array($key));

    return $result;
}


public function update_user_password($password, $salt, $user_id) {
    $sql = "UPDATE users
            SET `password`= ?,
                `salt` = ?
            WHERE `id`= ?";
    //replace with your update function
    $result = $this->_db->query_single($sql, array($password, $salt, $user_id));

    return $result;
}

两种不同的查询功能:

public function query($sql, $params = array()) {
    $this->_error = false;
    if($this->_query = $this->_pdo->prepare($sql)) {
        $x = 1;
        if(count($params)) {
            foreach ($params as $param) {
                $this->_query->bindValue($x, $param);
                $x++;
            }
        }

        if ($this->_query->execute()) {
            $this->_results = $this->_query->fetchAll(PDO::FETCH_OBJ);
            $this->_count = $this->_query->rowCount();
        } else {
            $this->_error = true;
        }
    }

    return $this;
}

public function query_single($sql, $params = array()) {
    $this->_error = false;
    if($this->_query = $this->_pdo->prepare($sql)) {
        $x = 1;
        if(count($params)) {
            foreach ($params as $param) {
                $this->_query->bindValue($x, $param);
                $x++;
            }
        }

        if ($this->_query->execute()) {
            $this->_results = $this->_query->fetch(PDO::FETCH_ASSOC);
            $this->_count = $this->_query->rowCount();
        } else {
            $this->_error = true;
        }
    }

    return $this->_results;
}

如果你们需要其他任何东西来帮助我,请告诉我。

有谁知道我应该如何继续?所有帮助表示赞赏。

提前致谢,

Busarna

1 个答案:

答案 0 :(得分:2)

你走在正确的轨道上,你只需要更多的逻辑:

public function get_user_by_key($key) {
    $sql = "SELECT *
            FROM `recover`
            WHERE `key` = ?
            ";

    $result = $this->_db->query_single($sql, array($key));

    return $result;
}


public function delete_key($key) {
    $sql = "DELETE
            FROM `recover`
            WHERE `key` = ?
            ";
    //replace with your delete function
    $result = $this->_db->query_single($sql, array($key));

    return $result;
}


public function update_user_password($password, $user_id) {
    $sql = "UPDATE Customers
            SET `password`= ?
            WHERE `user_id`=?";
    //replace with your update function
    $result = $this->_db->query_single($sql, array($password, $user_id));

    return $result;
}

您可以通过以下方式使用该功能:

if(isset($_GET['key'])){
    $key = $_GET['key'];
    $user = get_user_by_key($key);

    if(!$user){
        echo 'user not found';
        //prompt to resend link
    }else{
        //display change password form
        session_start();
        $_SESSION['user_id'] = $user['user_id'];
        $_SESSION['key'] = $key;
    }
}

然后,当用户发布信息时,请执行以下操作:

session_start();
if(isset($_POST['password'], 
         $_POST['password_confirmation'], 
         $_SESSION['user_id'], 
         $_SESSION['key'])){

    if($_POST['password'] === $_POST['password_confirmation']){
        //password should be hashed
        $success = update_user_password($password, $_SESSION['user_id']);

        if($success){
            delete_key($_SESSION['key']);
        }else{
            //failed to update password
        }
    }else{
        echo 'Password not matching';
    }
}