PHP忘记密码脚本不发送电子邮件

时间:2015-02-17 06:25:12

标签: php mysql forgot-password

我在PHP下面有一个忘记密码脚本。脚本的想法是提交电子邮件地址,然后脚本查看电子邮件地址是否在数据库中,然后更改密码,然后将包含临时地址的电子邮件发送到表单中提交的电子邮件。 / p>

脚本似乎会更改密码并执行所有操作,但实际上不会使用临时密码发送电子邮件。

自从我使用这个脚本(或PHP)以来已经很长时间了,所以任何帮助都会受到赞赏。

    <?php # forgot_password.php

    require_once ('./includes/config.inc.php');
    $page_title = 'Forgot Password';
    include ('./includes/header.html'); 

    if (isset($_POST['submitted'])) { // Handle the form.

       require_once ('database-connection.php');

       if (empty($_POST['user_email'])) { //Validate the email address.
          $uid = FALSE;
          echo 'You forgot to enter your email address!';
       } else {

            $query = "SELECT ID FROM wp_users WHERE user_email='". escape_data($_POST['user_email']) . "'";
            $result = mysql_query ($query)or trigger_error("Query:$query\n<br />MySQL Error: " .mysql_error());
            if (mysql_num_rows($result)== 1) {
            list($uid) = mysql_fetch_array ($result, MYSQL_NUM);

       } else {
            echo 'This email address is not registered';
            $uid = FALSE;
       }
    }

       if ($uid) { // If everything's OK.
          $p = substr ( md5(uniqid(rand(),1)), 3, 10);
          $query = "UPDATE wp_users SET user_pass=SHA('$p') WHERE ID=$uid";
          $result = mysql_query ($query) or trigger_error("Query: $query\n<br />MySQL Error: " .mysql_error());
          if (mysql_affected_rows() == 1) {

            $body = "Your password to log into the site has been temporarily changed to '$p'. 
            Please log in using this password and your username. At that time you may change your password to something more familiar.";
            mail($_POST['user_email'], 'Your temporary password.', $body,
            'From:info@website.com.au'); //From email address
            echo 'Your password has been temporarily changed.
            An email from info@website.com.au will be sent to your registered email address with a new, temporary password which you can log in with.
            Once you have logged in with this password, you may change it by clicking on the "Change Password" link at the bottom of your screen.';
            mysql_close(); // Close the database connection.
            include ('./includes/footer.html'); // Include the HTML footer.
            exit();

          } else { //If it did not run OK.
            echo 'Your password could not be changed due to a system error. We apologize for any inconvenience.';
          }
       } else { // Failed the validation test.
          echo '<p><font color="red"size="+1">Please try again.</font></p>';
       }
       mysql_close(); // Close the database connection.
    } // End of the main Submit conditional.

    ?>

    <p>Enter your email address below and your password will be reset.</p>
    <form action="forgot_password.php" method="post">
       <p><b>Email Address:</b> <input type="text"
       name="user_email" size="30" maxlength="40" value="<?php if (isset($_POST['user_email'])) echo $_POST['user_email']; ?>" /></p>
        <div align="center"><input type="submit" name="submit" value="Reset My Password" /></div>
       <input type="hidden" name="submitted" value="TRUE" />
    </form>

    <?php
    include ('./includes/footer.html');
    ?>

1 个答案:

答案 0 :(得分:0)

在DB中输入密码时,请尽量避免使用散列算法。 SHA是一种散列算法,而不是加密算法。请确保数据库中的密码字段长度必须很长。我认为你的SHA()生成一个长字符串。如果一切正常,请将您的邮件标题更改为以下内容。

$header = "From: noreply@example.com\r\n"; 
$header.= "MIME-Version: 1.0\r\n"; 
$header.= "Content-Type: text/plain; charset=utf-8\r\n"; 
$header.= "X-Priority: 1\r\n"; 

并尝试

mail($to,$from,$message,$header);