Question

我收到一封重置密码的电子邮件，但每当我点击该链接时，它应该转到我的“change_password.php”，但它直接转到我的“index.php”，这使得用户无法更改或重设密码。

我的链接包含我设置的id和code，每当发送电子邮件时，数据库中的代码都会更新，但是链接不起作用。

这就是我的链接：

mywebsite.com/change_password.php?user_id=29&key=233602

但是当我点击它时，它应该引导我到这个页面，我的change_password.php

<?php 
error_reporting(E_ALL);
ini_set('display_errors', 1);

include 'lib/password.php';
$db = new mysqli('localhost', 'user', 'pass', 'db');
if($_GET['user_id']!="" && $_GET['key']!=""):
    $id=mysqli_real_escape_string(trim($db,$_GET['user_id']));
    $code=mysqli_real_escape_string(trim($db,$_GET['key']));
    $fetch=$db->query("SELECT * FROM `profile` WHERE id='$id' AND `code` = '$code'");
    $count=mysqli_num_rows($fetch);
    if($count!=1) :
      header("Location:index.php");
    endif;
else :
    header("Location:index.php");
endif;
?>
    <?php include 'home-header.php'; ?>
</head>
<body>  
 <?php include 'home-navbar.php'; ?>

       <div class="modal-dialog">
        <h2>Forgot Password Recovery</h2>

        <div class="modal-content col-md-8">
        <div class="modal-header">
        <h4 class="modal-title"><i class="icon-paragraph-justify2"></i> Change New Password</h4>
        </div>
        <form method="post" autocomplete="off" id="password_form">
          <div class="modal-body with-padding">                             
          <div class="form-group">
            <div class="row">
              <div class="col-sm-10">
                <label>New Password</label>
                <input type="password" id="passwords" name="password"  class="form-control required">
              </div>
            </div>
          </div>
          <div class="form-group">
          <div class="row">
            <div class="col-sm-10">
              <label>Confirm password</label>
              <input type="password" id="cpassword" name="cpassword" title="Password is mismatch" equalto="#passwords" class="form-control required" value="">
            </div>
          </div>
          </div>         
          </div>
          <div id="error_result"></div>
          <!-- end Add popup  -->  
          <div class="modal-footer">
            <input type="hidden" name="id" value="<?php echo $id; ?>" id="id">
            <button type="submit" id="btn-pwd" class="btn btn-primary">Submit</button>              
          </div>
        </form>          
        </div>        
        </div> 

<?php include 'home-footer.php';?>
<script>  
  $(document).ready(function(){
    $(document).on('click','#btn-pwd',function(){
      var url = "new_password.php";       
      if($('#password_form').valid()){
        $('#error_result').html('<img src="ajax.gif" align="absmiddle"> Please wait...');  
        $.ajax({
        type: "POST",
        url: url,
        data: $("#password_form").serialize(),
          success: function(data) {                    
            if(data==1)
            {
              $('#error_result').html('Password reset successfully.');
              window.setTimeout(function() {
              window.location.href = 'index.php?sucess=1';
              }, 1000);
            } 
            else
            {
              $('#error_result').html('Password reset failed. Enter again.');              
            }
          }
        });
      }
      return false;
    });
});
</script>

但它不是指示我访问该页面，而是在我点击链接时转到index.php。为什么？

我的PHP邮件：

 <?php 
  $db = new mysqli('localhost', 'user', 'pass', 'db');
  if($_POST['email']!=""):
      $email=mysqli_real_escape_string($db,$_POST['email']);
      $db_check=$db->query("SELECT * FROM `profile` WHERE email='$email'");
      $count=mysqli_num_rows($db_check);
      if($count==1) :
         $row=mysqli_fetch_array($db_check);
         $code= rand(10000,1000000);
         $link = 'mywebsite.com/change_password.php?user_id='.$row['id'].'&key='.$code;         
         $fetch=$db->query("UPDATE `profile` SET `code` = '$code' WHERE `email`='$email' ");
         $to="$email"; 
         $strSubject="Password Recovery Link";
         $message = '<p>Password Recovery Link : '.$link.'</p>' ;              
         $headers = 'MIME-Version: 1.0'."\r\n";
         $headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n";
         $headers .= "From: no-reply@mywebsite.com";            
         $mail_sent=mail($to, $strSubject, $message, $headers);  
          if($mail_sent) echo 1;
          else echo 0;  
      else :
        echo 0;
      endif;
  else :
      header("Location:index.php");
  endif;
?>

Answer 1

其他人正在查看if语句，我想知道您的trim来电是否是问题。

更改此

$id=mysqli_real_escape_string(trim($db,$_GET['user_id']));
$code=mysqli_real_escape_string(trim($db,$_GET['key']));

到

$id=mysqli_real_escape_string($db,trim($_GET['user_id']));
$code=mysqli_real_escape_string($db,trim($_GET['key']));

你正在“修剪”$db，而不是你的变量。

Answer 2

这应该是相对简单的故障排除。试试这个：

LeveledCompactionStrategy

请注意其他error_reporting(E_ALL); ini_set('display_errors', 1); include 'lib/password.php'; echo 'STILL GOOD!'; exit; $db = new mysqli('localhost', 'user', 'pass', 'db'); if($_GET['user_id']!="" && $_GET['key']!=""): echo 'DATA!'; exit; $id=mysqli_real_escape_string(trim($db,$_GET['user_id'])); $code=mysqli_real_escape_string(trim($db,$_GET['key'])); $fetch=$db->query("SELECT * FROM `profile` WHERE id='$id' AND `code` = '$code'"); $count=mysqli_num_rows($fetch); if($count!=1) : echo 'NO ROWS!'; exit; header("Location:index.php"); endif; else : echo 'NO DATA!'; exit; header("Location:index.php"); endif;和echo语句。点击您的链接，查看您收到的消息，删除并重复，直到您缩小其失败的位置。

正如@ imvain2所指出的那样，exit应该是mysqli_real_escape_string(trim($db,$_GET['user_id']))，这样你的SQL查询就无法提取任何结果并导致重定向到index.php。

邮件中发送的链接重置密码不起作用

2 个答案: