PHP Password Reset

Time: 2015-11-06 12:26:11

Tags: php

I have been rewriting an old password reset to help me learn PHP.

I am wondering whether there are parts I should update, since it still throws errors.

if(isset($_POST['reset'])){
    $email = $_POST['email'];

    $stmt=$conn->prepare("SELECT email FROM users WHERE email=:email");
    $stmt->execute(array("email"=>$email));
    $userRow=$stmt->fetchColumn();

    if($userRow == '0'){
        $error[] = 'Sorry, we cannot find your account details.  Please try another email address.';
    }else{
        $stmt=$conn->prepare("SELECT lname FROM users WHERE email=:email");
        $stmt->execute(array(":email"=>$email));
        $userRow1=$stmt->fetch(PDO::FETCH_ASSOC);

        //$userRow = PDO::FETCH_ASSOC($stmt);
        $password = substr(md5(uniqid(rand(),1)),3,10);
        $pass = md5($password);

        $to = "$email";
        $subject = "ClientCheck Account Recovery";
        $body = "Hi, $userRow1 \n\n Your password has been reset. \n\n Your password now is: $password \n\n Kind regards\n ClientCheck";

        $additionalheaders = "From: <no-reply@clientcheck.co.uk>";
        $additionalheaders .= "Reply-To: no-reply@clientcheck.co.uk";

        $stmt=$conn("UPDATE users SET password=:password WHERE email-:email");
        $stmt->execute(array(":password"=>$password,":email"=>$email));
        $userRow2=$stmt->rowCount();
    }
}

if(!empty($error)){
    $i = '0';
    while($i < count($error)){
        echo "$error[$i]";
        $i ++;
    }
}
  

Notice: Array to string conversion in /forgottenpassword.php on line 31
Fatal error: Function name must be a string in /forgottenpassword.php on line 36

I know that emailing a reset password is not the best step security-wise, but I want to get it right at this level before moving on to a more secure reset method.

2 answers:

Answer 0 (score: 1)

Check this line

$stmt=$conn("UPDATE users SET password=:password WHERE email-:email");
                                                            ^// this should be equals.

Answer 1 (score: 1)

Two lines must be corrected: the one building the variable $body, where the PDO result is an array, and the prepare statement line:

<?php
if(isset($_POST['reset'])){
    $email = $_POST['email'];

    $stmt=$conn->prepare("SELECT email FROM users WHERE email=:email");
    $stmt->execute(array("email"=>$email));
    $userRow=$stmt->fetchColumn();

    if($userRow == '0'){
        $error[] = 'Sorry, we cannot find your account details.  Please try another email address.';
    }else{
        $stmt=$conn->prepare("SELECT lname FROM users WHERE email=:email");
        $stmt->execute(array(":email"=>$email));
        $userRow1=$stmt->fetch(PDO::FETCH_ASSOC);

        //$userRow = PDO::FETCH_ASSOC($stmt);
        $password = substr(md5(uniqid(rand(),1)),3,10);
        $pass = md5($password);

        $to = "$email";
        $subject = "ClientCheck Account Recovery";
        $body = "Hi, ".$userRow1['lname']."\n\n Your password has been reset. \n\n Your password now is: $password \n\n Kind regards\n ClientCheck"; // changed here: fetch() returns an array; the SELECT above only returns the lname column

        $additionalheaders = "From: <no-reply@clientcheck.co.uk>";
        $additionalheaders .= "Reply-To: no-reply@clientcheck.co.uk";

        $stmt=$conn->prepare("UPDATE users SET password=:password WHERE email=:email"); // changed here
        $stmt->execute(array(":password"=>$password,":email"=>$email));
        $userRow2=$stmt->rowCount();
    }
}

if(!empty($error)){
    $i = '0';
    while($i < count($error)){
        echo "$error[$i]";
        $i ++;
    }
}
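The asker mentions wanting to move on to "a more secure reset method" later. The following is an added example, not code from the question or either answer, showing what that usually looks like in PDO: instead of mailing a new password, a random single-use token is generated with `random_bytes()`, only its hash is stored with an expiry, and the password is stored with `password_hash()` once the token is redeemed. It assumes a SQLite in-memory database (the `pdo_sqlite` extension) and a hypothetical `users` table with the columns shown; the user row is constructed sample data.

```php
<?php
// Added example (not from the question or answers): token-based password reset.
// Assumes pdo_sqlite; the table layout and the sample user are constructed here.
declare(strict_types=1);

const RESET_TTL_SECONDS = 3600;   // token lifetime: one hour

$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec("CREATE TABLE users (
    email            TEXT PRIMARY KEY,
    lname            TEXT,
    password         TEXT,
    reset_token_hash TEXT,
    reset_expires    INTEGER
)");
// Constructed sample user; the stored password is a password_hash() digest, never plaintext or md5.
$conn->prepare("INSERT INTO users (email, lname, password) VALUES (:email, :lname, :password)")
     ->execute([':email' => 'alice@example.com', ':lname' => 'Smith',
                ':password' => password_hash('old-secret', PASSWORD_DEFAULT)]);

/**
 * Step 1: the user submits the "forgot password" form.
 * Returns the raw token to embed in the emailed link, or null if the address is unknown.
 * The form should display the same message in both cases so it does not reveal
 * which addresses have accounts.
 */
function requestReset(PDO $conn, string $email): ?string
{
    $token = bin2hex(random_bytes(32));          // CSPRNG, unlike rand()/uniqid()
    $hash  = hash('sha256', $token);             // store only the hash; a DB leak does not leak usable tokens
    $stmt  = $conn->prepare("UPDATE users SET reset_token_hash = :hash, reset_expires = :exp WHERE email = :email");
    $stmt->execute([':hash' => $hash, ':exp' => time() + RESET_TTL_SECONDS, ':email' => $email]);
    return $stmt->rowCount() === 1 ? $token : null;
}

/**
 * Step 2: the user follows the link and chooses a new password.
 * The token is looked up by its hash, checked against the expiry, and cleared so it is single-use.
 */
function completeReset(PDO $conn, string $token, string $newPassword): bool
{
    $stmt = $conn->prepare("SELECT email, reset_expires FROM users WHERE reset_token_hash = :hash");
    $stmt->execute([':hash' => hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['reset_expires'] < time()) {
        return false;                            // unknown, already used, or expired token
    }
    $update = $conn->prepare("UPDATE users SET password = :pw, reset_token_hash = NULL, reset_expires = NULL WHERE email = :email");
    $update->execute([':pw' => password_hash($newPassword, PASSWORD_DEFAULT), ':email' => $row['email']]);
    return true;
}

function check(bool $cond, string $what): void
{
    if (!$cond) {
        throw new RuntimeException("check failed: $what");
    }
}

// Walk-through on the constructed data.
$token = requestReset($conn, 'alice@example.com');
check($token !== null, 'known address yields a token');
check(requestReset($conn, 'nobody@example.com') === null, 'unknown address yields no token');
check(completeReset($conn, $token, 'new-secret') === true, 'valid token resets the password');
check(completeReset($conn, $token, 'again') === false, 'token cannot be reused');
$stmt = $conn->prepare("SELECT password FROM users WHERE email = :email");
$stmt->execute([':email' => 'alice@example.com']);
check(password_verify('new-secret', (string)$stmt->fetchColumn()), 'new password verifies');
echo "reset flow ok\n";
```

In a real deployment the raw token returned by `requestReset()` goes into the link sent with `mail()` and is never written to the database or to logs; the same applies to the chosen password, which only ever exists in memory long enough to be hashed.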