密码重置链接:“TO”电子邮件地址无效

时间:2015-05-10 19:25:08

标签: php email mail-form

我在PHP中创建了一个密码重置功能。<​​/ p>

它工作得很好...........除了因为某些原因,我无法设置收件人的电子邮件地址:“ TO

代码以这种方式工作:

(a)要求用户提供他的登录名/用户名 (b)php向数据库发送sql查询; (c)如果找到用户名,php将获取电子邮件地址,并通过电子邮件发送重置链接 (d)此重置链接附有唯一的“令牌” (e)用户点击其电子邮件中的链接,并重新定向到他重置密码的新页面

一切正常............除了电子邮件结构本身。该电子邮件包括: TO,CC,SUBJECT,BODY和HEADERS

除了实际的“ TO ”外,所有内容都在显示..........

事实上,我知道代码有效的唯一原因是因为我通过“ CC ”获得了电子邮件的副本

这是我的代码:

  if(isset($_POST['submit'])) {

  $login = $_POST['login'];

  $query = "select * from personal_data where login='$login'";
  $result = mysqli_query($conn,$query);
  $count=mysqli_num_rows($result);
  $rows=mysqli_fetch_array($result);


  if($count==0) {

 echo "Sorry; that username does not exist in our database";
 }

else {

 function getRandomString($length) 
   {
$validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZ123456789!#+=%&/?*$";
$validCharNumber = strlen($validCharacters);
$result = "";

for ($i = 0; $i < $length; $i++) {
    $index = mt_rand(0, $validCharNumber - 1);
    $result .= $validCharacters[$index];
 }
 return $result;    }

$token=getRandomString(40);
$q="insert into token (token,login) values ('".$token."','".$login."')";
mysqli_query($conn,$q);

function mailresetlink($to,$token){

$to = $rows['email'];
$subject = "Password Reset";
$uri = 'http://'.$_SERVER['HTTP_HOST'] ;
$message = '
<html>
<head>
<title>Password Reset Link</title>
</head>
<body>
<p>We received a Password-Reset request from your account.</p>
<p>Click on the following link to reset your password : <a   
href="'.$uri.'/PHP/password_reset?token='.$token.'">Reset Password</a></p>
</body>
</html>
 ';
 $headers = "MIME-Version: 1.0" . "\r\n";
 $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
 $headers .= 'From: Support<support@xxxxx.com>' . "\r\n";
 $headers .= 'Bcc: Info<info@xxxxx.com>' . "\r\n";

 if(mail($to, $subject, $message, $headers))     {

  echo "A password reset link has been sent to your email address."

    }
 }

 if(isset($_POST['login'])) { 
    mailresetlink($email,$token);

    exit();
            } 

     }
  }

2 个答案:

答案 0 :(得分:2)

您的代码无法正常工作的原因是由于某些原因。

其中一个是$rows需要驻留在function mailresetlink($to,$token)函数的参数中。

将其更改为function mailresetlink($to,$token,$rows)并对if(isset($_POST['login'])){...}

中的内容执行相同操作 
if(isset($_POST['login'])) { 
    mailresetlink($email,$token,$rows);

    exit();
            }

另外,如果不是拼写错误或粘贴不好;这一行还有一个缺少的分号:

echo "A password reset link has been sent to your email address."
                                                                 ^ right there

完成上述所有操作后,在测试期间成功将所有信息发送到了电子邮件。

旁注:您目前的代码向SQL injection开放。使用mysqli with prepared statementsPDO with prepared statements它们更安全

答案 1 :(得分:0)

您无法在if或while或任何范围内定义函数。在打算使用它们之前或之后定义它们。请尝试使用以下代码:

<?php
if ( isset($_POST['submit']) ) {

    $login = $_POST['login'];
    $email = $_POST['email'];


    $query = "select * from personal_data where login='$login'";
    $result = mysqli_query($conn, $query);
    $count = mysqli_num_rows($result);
    $rows = mysqli_fetch_array($result);


    if ($count == 0) {

        echo "Sorry; that username does not exist in our database";
    } else {


        if (isset($_POST['login'])) {
            mailresetlink($email, $token, $rows);

            exit();
        }

    }
}

function getRandomString($length)
{
    $validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZ123456789!#+=%&/?*$";
    $validCharNumber = strlen($validCharacters);
    $result = "";

    for ($i = 0; $i < $length; $i++) {
        $index = mt_rand(0, $validCharNumber - 1);
        $result .= $validCharacters[$index];
    }
    return $result;
}

$token = getRandomString(40);
$q = "insert into token (token,login) values ('" . $token . "','" . $login . "')";
mysqli_query($conn, $q);

function mailresetlink($to, $token, $rows)
{

    $to = $rows['email'];
    $subject = "Password Reset";
    $uri = 'http://' . $_SERVER['HTTP_HOST'];
    $message = '
        <html>
        <head>
            <title>Password Reset Link</title>
        </head>
        <body>
        <p>We received a Password-Reset request from your account.</p>

        <p>Click on the following link to reset your password : <a
                href="' . $uri . '/PHP/password_reset?token=' . $token . '">Reset Password</a></p>
        </body>
        </html>
        ';
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
    $headers .= 'From: Support <support@xxxxx.com>' . "\r\n";
    $headers .= 'Bcc: Info <info@xxxxx.com>' . "\r\n";

    if (mail($to, $subject, $message, $headers)) {

        echo "A password reset link has been sent to your email address.";

    }
}
?>

另外,请注意Quentin关于防止SQL注入的建议。

我做的是:

  • getRandomString阻止
    • 之后移动了mailresetlinkif
  • $rows函数添加了参数mailresetlink,因此可以找到$rows变量的使用(超出范围)

你还需要定义$email,因为它没有在任何地方设置,所以我为你做了(我想你也有一个名为email的输入字段

测试它,它应该工作。

相关问题
最新问题