Reset password link not working

Time: 2016-08-08 13:09:22

Tags: php

I have a reset password link that doesn't seem to process $_GET('variable'). The forgot password form:

<?php
$error = $email = "";

if (isset($_POST['email']))
  {
    $email = sanitizeString($_POST['email']);
    $com_code = md5(uniqid(rand()));

    if ($email == "")
        $error = "Not all fields were entered<br>";
    else if (!filter_var($email, FILTER_VALIDATE_EMAIL)) 
      $error='Email is invalid';
    else
    {
      $resultE = queryMySQL("SELECT email FROM users WHERE email='$email'");

      if ($resultE->num_rows == 0)
      {
        $error = "<span class='error'>Email
                  error</span><br><br>";
      }else
      {
        queryMysql("UPDATE users SET com_code='$com_code' WHERE email='$email'");
        $mail_to = $email;
        $subject = 'Reset your password ';
        $body_message = 'Please click on this link to reset password ';
        $body_message .= '<a href="http://tickets.dundaah.com/tickets/php/edit_profile/reset_pass.php?passkey=$com_code">Activate</a>';
        $headers  = 'MIME-Version: 1.0' . "\r\n";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
        $mail_status = mail($mail_to, $subject, $body_message, $headers);
        if(isset($_SESSION['url'])) 
           $url = $_SESSION['url'];
        else 
           $url = "../../index.php"; 

        header("Location:$url"); 
      }
    }
  }
?>

The reset password form:

<?php
$error = $pass ="";

  if (isset($_POST['pass']))
  {
    $pass = sanitizeString($_POST['pass']);

    $salt1    = "qm&h*";
    $salt2    = "pg!@";
    $token    = hash('ripemd128', "$salt1$pass$salt2");
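    // Pass the URL parameter through the same helper as the other inputs before it is used in SQL.
    $passkey = sanitizeString($_GET['passkey']);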

    if ($pass == "")
      $error = "Enter all fields";
     //put if else statements here
    else if (preg_match("/[^a-zA-Z0-9_-]/", $pass)){
      $error='Remove spaces,numbers,special characters';
    }
    else
    {
      $resultpassw = queryMysql("SELECT * FROM users WHERE com_code='$passkey' ");

      if ($resultpassw->num_rows == 0)
        $error = "&nbsp;&#x2718; Confirmation not sent";
      else
      {
        queryMysql("UPDATE users SET pass='$token', updated=CURRENT_TIMESTAMP WHERE com_code='$passkey'");

        header("Location:../../profile.php"); 
      }
    }
  }
?>

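The error that keeps occurring is 'Confirmation not sent', meaning the com_code was not previously inserted into the 'users' table, but when I look at the table through phpMyAdmin, the com_code is there. Where am I going wrong?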

2 answers:

Answer 0: (score: 1)

For the forgot password form, try the following.

<?php
$error = $email = "";

if (isset($_POST['email']))
{
  $email = sanitizeString($_POST['email']);
  $com_code = md5(uniqid(rand()));

  if ($email == "")
    $error = "Not all fields were entered<br>";
  else if (!filter_var($email, FILTER_VALIDATE_EMAIL))
    $error='Email is invalid';
  else
  {
    $resultE = queryMySQL("SELECT email FROM users WHERE email='$email'");

    if ($resultE->num_rows == 0)
    {
      $error = "<span class='error'>Email
              error</span><br><br>";
    }else
    {
      queryMysql("UPDATE users SET com_code='$com_code' WHERE email='$email'");
      $mail_to = $email;
      $subject = 'Reset your password ';
      $body_message = 'Please click on this link to reset password ';
      $body_message .= '<a href="http://tickets.dundaah.com/tickets/php/edit_profile/reset_pass.php?passkey='.$com_code.'">Activate</a>';
      $headers  = 'MIME-Version: 1.0' . "\r\n";
      $headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
      $mail_status = mail($mail_to, $subject, $body_message, $headers);
      if(isset($_SESSION['url']))
        $url = $_SESSION['url'];
      else
        $url = "../../index.php";

      header("Location:$url");
    }
  }
}
?>

I changed one line here.

$body_message .= '<a href="http://tickets.dundaah.com/tickets/php/edit_profile/reset_pass.php?passkey='.$com_code.'">Activate</a>';

Because $com_code is a dynamic value, you need to pass it this way so that PHP can pick up its value instead of treating it as static text.
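
The single-quote problem fixed in the answer above, as a runnable sketch (an added example, not part of the original answer or the site's code). It goes beyond the answer by issuing the token from `random_bytes()`, storing only its hash, and looking it up with bound parameters. `RESET_URL`, the SQLite schema, the function names and the availability of `pdo_sqlite` are assumptions; `password_hash()` is swapped in for the page's salted ripemd128.

```php
<?php
// Added example. RESET_URL, the SQLite schema and the function names are assumptions.
const RESET_URL = 'https://example.test/reset_pass.php'; // placeholder host

// The question's bug: single quotes never interpolate, so "$code" is sent literally.
function brokenLink(string $code): string {
    return '<a href="' . RESET_URL . '?passkey=$code">Activate</a>';
}

// Concatenate the value, encoding it for the query string and the HTML attribute.
function resetLink(string $code): string {
    $url = RESET_URL . '?passkey=' . urlencode($code);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES) . '">Activate</a>';
}

// Token from the CSPRNG instead of md5(uniqid(rand())); only its hash is stored.
function issueToken(PDO $db, string $email): string {
    $token = bin2hex(random_bytes(32));
    $stmt = $db->prepare('UPDATE users SET com_code = ? WHERE email = ?');
    $stmt->execute([hash('sha256', $token), $email]);
    return $token;
}

// Bound parameters keep $_GET['passkey'] out of the SQL text; clearing com_code
// makes the token single-use. password_hash() is swapped in for the page's
// salted ripemd128, so a login check would have to use password_verify().
function redeemToken(PDO $db, string $passkey, string $newPass): bool {
    $stmt = $db->prepare('UPDATE users SET pass = ?, com_code = NULL WHERE com_code = ?');
    $stmt->execute([password_hash($newPass, PASSWORD_DEFAULT), hash('sha256', $passkey)]);
    return $stmt->rowCount() === 1;
}

function check(bool $ok, string $what): void {
    echo ($ok ? 'ok   ' : 'FAIL ') . $what . PHP_EOL;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, pass TEXT, com_code TEXT)');
$db->exec("INSERT INTO users (email, pass) VALUES ('alice@example.test', 'old')");

$token = issueToken($db, 'alice@example.test');
check(strpos(brokenLink($token), $token) === false, 'single-quoted link omits the token');
check(strpos(resetLink($token), $token) !== false, 'concatenated link carries the token');
check(!redeemToken($db, '$code', 'new-pass'), 'literal "$code" matches no row');
check(redeemToken($db, $token, 'new-pass'), 'real token resets the password');
check(!redeemToken($db, $token, 'again'), 'token cannot be reused');
```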

Answer 1: (score: 0)

I think I would use sessions. forgot_pass.php:

$com_code = md5(uniqid(rand()));
$_SESSION["com_code_sesh"] = $com_code;

reset_pass.php:

$passkey = $_SESSION["com_code_sesh"];