你好,我试图把忘记密码放在我的网上,但我有一点问题。我可以将邮件发送给想要重置密码的人,但是当该人重置密码时,它会显示密码重置,但是当我尝试使用新密码登录时,它不起作用。只有旧的才有效。这是我的reset.php文件:
<?php
include('db.php');
if(isset($_GET['action']))
{
if($_GET['action']=="reset")
{
$encrypt = mysqli_real_escape_string($connection,$_GET['encrypt']);
$query = "SELECT id FROM user where md5(90*13+id)='".$encrypt."'";
$result = mysqli_query($connection,$query);
$Results = mysqli_fetch_array($result);
if(count($Results)>=1)
{
}
else
{
$message = 'Invalid key please try again. <a href="http://ocelleslsf.inshea.fr/ocelles/make/fg/#forget">Forget Password?</a>';
}
}
}
elseif(isset($_POST['action']))
{
$encrypt = mysqli_real_escape_string($connection,$_POST['action']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
$query = "SELECT id FROM user where md5(90*13+id)='".$encrypt."'";
//echo $query;
$result = mysqli_query($connection,$query);
$Results = mysqli_fetch_array($result);
if(count($Results)>=1)
{
$query = "update user set password='".md5($password)."' where id='".$Results['id']."'";
mysqli_query($connection,$query);
// echo $query;
$message = "Votre mot de passe changé avec succès <a href=\"http://ocelleslsf.inshea.fr/ocelles/\">Cliquez ici pour vous identifier</a>.";
}
else
{
$message = 'Clé non valide se il vous plaît essayer à nouveau. <a href="http://ocelleslsf.inshea.fr/ocelles/make/fg/#forget">Mot De Passe Oublié?</a>';
}
}
else
{
header("location: /ocelles/make/fg");
}
$content ='<script type="text/javascript" src="jquery-1.8.0.min.js"> </script>
<link rel="stylesheet" href="http://code.jquery.com/ui/1.10.3/themes/smoothness/jquery-ui.css" />
<script src="http://code.jquery.com/ui/1.10.3/jquery-ui.js"></script>
<style type="text/css">
input[type=password]
{
border: 1px solid #ccc;
border-radius: 3px;
box-shadow: inset 0 1px 2px rgba(0,0,0,0.1);
width:200px;
min-height: 28px;
padding: 4px 20px 4px 8px;
font-size: 12px;
-moz-transition: all .2s linear;
-webkit-transition: all .2s linear;
transition: all .2s linear;
}
input[type=password]:focus
{
width: 400px;
border-color: #51a7e8;
box-shadow: inset 0 1px 2px rgba(0,0,0,0.1),0 0 5px rgba(81,167,232,0.5);
outline: none;
}
</style>
<script>
$(function() {
$( "#tabs" ).tabs();
});
function mypasswordmatch()
{
var pass1 = $("#password").val();
var pass2 = $("#password2").val();
if (pass1 != pass2)
{
alert("Les mots de passe ne correspondent pas");
return false;
}
else
{
$( "#reset" ).submit();
}
}
</script>
</head>
<body>
<b>'.$message.'</b>
<div id="tabs" style="width: 480px;">
<ul>
<li><a href="#tabs-1">Réinitialiser mot de passe</a></li>
</ul>
<div id="tabs-1">
<form action="reset.php" method="post" id="reset" >
<p><input id="password" name="password" type="password" placeholder="Entrez nouveau mot de passe">
<p><input id="password2" name="password2" type="password" placeholder="Retaper nouveau mot de passe">
<input name="action" type="hidden" value="'.$encrypt.'" /></p>
<p><input type="button" value="Réinitialiser mot de passe" onclick="mypasswordmatch();" /></p>
</form>
</div>
</div>';
$pre = 1;
$title = "How to create Login and Signup form in PHP";
$heading = "How to create Login and Signup form in PHP.";
include("html.inc");
?>
答案 0 :(得分:0)
好像您正在使用mysqli_real_escape_string来清除和转义$encrypt上的特殊字符,但此字符串可能包含特殊字符。确保mysqli_real_escape_string函数未从$encrypt值中删除任何字符。
答案 1 :(得分:0)
我不确定你的代码的这一部分是做什么的:
...} elseif(isset($_POST['action'])) {
$encrypt = mysqli_real_escape_string($connection,$_POST['action']);
$password = mysqli_real_escape_string($connection,$_POST['password']);
$query = "SELECT id FROM user where md5(90*13+id)='".$encrypt."'";
//echo $query;
$result = mysqli_query($connection,$query);
$Results = mysqli_fetch_array($result);
if(count($Results)>=1) {
$query = "update user set password='".md5($password)."' where id='".$Results['id']."'";
mysqli_query($connection,$query);
$message = "Votre mot de passe changé avec succès <a href=\"http://ocelleslsf.inshea.fr/ocelles/\">Cliquez ici pour vous identifier</a>.";
}...
好像您正在尝试将用户ID与$_POST['action']加密匹配,并且可能无法在数据库中找到任何匹配项。