I'm new to PHP and I've been working on setting up a password reset script. The biggest problem I'm having is storing the last part of the URL in the variable $token.
I need to make sure the $token variable is set after the user clicks the "Reset Password" button. As of now, after the button is clicked $token is not set to anything, and the URL becomes "www.website.com/resetpassword.php" with no token at the end. Thanks for your help!
Here is my form code:
<form method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
<div class="login_form">
<h2 style="font-family: Helvetica, sans-serif; font-size: 28pt; padding-top: 50px;">Forgot Password</h2>
<input type="email" name="email" placeholder="Your Email" maxlength="60"/>
<?php
if ( isset($sucMSG) ) {
echo '<span class="successful_registration">'.$sucMSG.'</span>';
}
if ( isset($matchError) ) {
echo '<span class="text-danger">'.$matchError.'</span>';
}
if ( isset($keyError) ) {
echo '<span class="text-danger">'.$keyError.'</span>';
}
?>
<br>
<input type="password" name="pass" placeholder="New Password" maxlength="255" />
<br>
<input type="password" name="cpass" placeholder="Confirm Password" maxlength="255" />
<input type="hidden" name="token" value="random" />
<br>
<button type="submit" name="btn-reset">Reset Password</button>
<br><br><br>
<br><br><br><br><br><br>
</div>
</form>
Here is the PHP code:
if (isset($_POST['btn-reset'])) {
    // Gather the post data
    $email = trim($_POST['email']);
    $email = strip_tags($email);
    $pass = trim($_POST['pass']);
    $pass = strip_tags($pass);
    $cpass = trim($_POST['cpass']);
    $cpass = strip_tags($cpass);
    // The form posts to PHP_SELF, so the query string (and this value) is lost on submit
    $token = $_GET['token'];
    // Retrieve token from database
    $resetKey = null; // stays null when no unexpired token exists for this email
    $stmt = $conn->prepare('SELECT token FROM token WHERE userEmail = ? AND NOW() < expire_date');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $result = $stmt->get_result();
    while ($row = $result->fetch_assoc()) {
        $resetKey = $row['token'];
    }
    // Does the submitted reset key match the stored one? (strict comparison: null == "" is true in PHP)
    if ($resetKey !== null && isset($token) && $resetKey === $token) {
        if ($pass == $cpass) {
            // hash and secure the password
            $password = password_hash($pass, PASSWORD_DEFAULT);
            // Update the user's password: two placeholders need one bind_param call with 'ss'
            $stmt = $conn->prepare('UPDATE user SET userPass = ? WHERE userEmail = ?');
            $stmt->bind_param('ss', $password, $email);
            $stmt->execute();
            $conn = null;
            $sucMSG = "Your password has been successfully reset.";
            unset($email);
            unset($pass);
            unset($cpass);
            unset($token);
            unset($resetKey);
        } else {
            $matchError = "Your passwords do not match.";
        }
    } else {
        $keyError = "Your password reset key is invalid.";
    }
}
Here is the PHP code from the previous step (forgotpassword.php):
if (isset($_POST['email'])) {
    $sentmail = false; // defined up front so the check below works when no mail was sent
    $email = trim($_POST['email']);
    $email = strip_tags($email);
    $email = htmlspecialchars($email);
    $stmt = $conn->prepare('SELECT * FROM user WHERE userEmail = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $result = $stmt->get_result();
    $count = $result->num_rows;
    // If the count is equal to one, we will send the message; otherwise display an error message.
    if ($count == 1) {
        $rows = $result->fetch_assoc();
        $length = 55;
        $token = bin2hex(random_bytes($length)); // Creating token: 55 random bytes become 110 hex characters
        $create_date = date('Y-m-d H:i:s');
        $expire_date = date('Y-m-d H:i:s', strtotime("+3 hours"));
        // Using prepared statements to prevent SQL injection
        $stmt = $conn->prepare('INSERT INTO token (token, userEmail, create_date, expire_date) VALUES (?, ?, ?, ?)');
        $stmt->bind_param('ssss', $token, $email, $create_date, $expire_date);
        $stmt->execute();
        // Create a URL which we will direct them to to reset their password
        $pwrurl = 'https://www.domain.com/resetpassword.php?token=' . $token;
        $to = $rows['userEmail'];
        // Details for sending e-mail
        $body = "Company password recovery<br>
-----------------------------------------------<br><br>
Welcome to Company password recovery.
You can reset your password by clicking the following link: $pwrurl.<br><br>
Sincerely,<br><br>
Company";
        $from = "support@company.com";
        $subject = "Company Password recovered";
        $headers1 = "From: $from\r\n";
        $headers1 .= "Content-type: text/html;charset=iso-8859-1\r\n";
        $headers1 .= "X-Priority: 1\r\n";
        $headers1 .= "X-MSMail-Priority: High\r\n";
        $headers1 .= "X-Mailer: Just My Server\r\n";
        $sentmail = mail($to, $subject, $body, $headers1);
    } elseif ($_POST['email'] == "") {
        $fMSG = "Please enter an email address.";
    } /*else {
        if ($_POST['email'] != "")
            $wMSG = "Cannot send password to your email address. Problem with sending mail.";
    }*/
    // If the message is sent successfully, display a success message; otherwise display an error message.
    if ($sentmail == 1) {
        $sMSG = "Your Password Has Been Sent To Your Email Address.";
    } else {
        if ($_POST['email'] != "") {
            $nMSG = "Cannot send password to your email address. Problem with sending mail.";
        }
    }
}
Answer 0 (score: 0)
Note: I'm posting this as community wiki, since I shouldn't gain rep from it.
"Why not use the token as a hidden field instead of the query string, just a suggestion. - HSharma"
...
"@Fred-ii- I don't know how to ping people, but the comment above ended up solving my problem. Thanks for your help! - jh95"
"@HSharma's suggestion ended up solving my problem. I added this to my HTML form <?php echo '<input type="hidden" name="token" value="'; if (isset($_GET['token'])) { echo $_GET['token']; } echo '" />' ?>
and added $token = $_POST['token'];
to my PHP script, and now the token is set correctly. Thanks everyone for your help!"
However, as I stated in comments:
"Since its length will most likely exceed the column's length, you need to increase it by altering the column to a larger value, one that is big enough. Then you need to clear its value and start over; you have no other choice."
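As an added example (not the asker's code nor the answerer's), here is the same two-step flow written the way the hidden-field suggestion above implies, with the checks a reviewer would want on a reset handler: the token from the link is escaped with htmlspecialchars before it is echoed into the hidden field, the POST handler looks the token up by the token itself rather than by a user-supplied e-mail, comparison is strict (hash_equals instead of ==), the token is deleted once used, and the UPDATE binds both placeholders in one bind_param('ss', ...) call. The database stores a SHA-256 of the token rather than the token, so a 64-character column is enough regardless of how many random bytes are minted. It assumes a mysqli connection in $conn and an assumed schema with tables token(token_hash, userEmail, expire_date) and user(userEmail, userPass); the column and function names are mine, not from the question.

```php
<?php
// Added example, not the original poster's code. Assumed schema:
//   token(token_hash CHAR(64), userEmail VARCHAR(255), expire_date DATETIME)
//   user(userEmail VARCHAR(255), userPass VARCHAR(255))
// $conn is an existing mysqli connection (assumed, as in the question).

const TOKEN_BYTES = 32;       // 256 bits of entropy -> 64 hex characters in the link
const TOKEN_TTL   = '+3 hours';

// forgotpassword.php side: mint a token, store only its hash, return the link to e-mail.
// Returns null for unknown addresses; the caller should still show the same neutral
// "check your inbox" message either way so the form cannot be used to enumerate accounts.
function createResetLink(mysqli $conn, string $email): ?string {
    $stmt = $conn->prepare('SELECT 1 FROM user WHERE userEmail = ?');
    $stmt->bind_param('s', $email);
    $stmt->execute();
    if ($stmt->get_result()->num_rows !== 1) {
        return null;
    }
    $token  = bin2hex(random_bytes(TOKEN_BYTES));
    $hash   = hash('sha256', $token);          // what the DB sees; the plaintext only travels in the mail
    $expire = date('Y-m-d H:i:s', strtotime(TOKEN_TTL));

    // One live token per account: an older link stops working when a new one is requested.
    $del = $conn->prepare('DELETE FROM token WHERE userEmail = ?');
    $del->bind_param('s', $email);
    $del->execute();

    $ins = $conn->prepare('INSERT INTO token (token_hash, userEmail, expire_date) VALUES (?, ?, ?)');
    $ins->bind_param('sss', $hash, $email, $expire);
    $ins->execute();

    return 'https://www.domain.com/resetpassword.php?token=' . $token;
}

// resetpassword.php on GET: carry the token from the URL into the form as a hidden field.
// Escaping matters: echoing $_GET['token'] raw lets a crafted link inject markup into the page.
function renderHiddenToken(string $tokenFromUrl): string {
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars($tokenFromUrl, ENT_QUOTES, 'UTF-8') . '" />';
}

// resetpassword.php on POST: validate the token (now read from $_POST, which survives the
// self-posting form), set the new password, then burn the token so the link is single-use.
function consumeResetToken(mysqli $conn, string $token, string $pass, string $cpass): string {
    // Reject anything that is not exactly the hex string we minted before touching the DB.
    if (strlen($token) !== TOKEN_BYTES * 2 || !ctype_xdigit($token)) {
        return 'Your password reset key is invalid.';
    }
    if ($pass !== $cpass) {
        return 'Your passwords do not match.';
    }
    $hash = hash('sha256', $token);

    // Look up by the token, not by an e-mail the client typed: the token alone decides
    // whose password changes, so the form does not need an email field at all.
    $stmt = $conn->prepare('SELECT token_hash, userEmail FROM token WHERE token_hash = ? AND NOW() < expire_date');
    $stmt->bind_param('s', $hash);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();

    // hash_equals is a constant-time, byte-exact comparison; the original's == would treat
    // two numeric-looking strings such as "0e123" and "0e456" as equal.
    if ($row === null || !hash_equals($row['token_hash'], $hash)) {
        return 'Your password reset key is invalid.';
    }
    $email    = $row['userEmail'];
    $password = password_hash($pass, PASSWORD_DEFAULT);

    $conn->begin_transaction();
    $upd = $conn->prepare('UPDATE user SET userPass = ? WHERE userEmail = ?');
    $upd->bind_param('ss', $password, $email);   // two placeholders, one call with 'ss'
    $upd->execute();
    $burn = $conn->prepare('DELETE FROM token WHERE token_hash = ?');
    $burn->bind_param('s', $hash);
    $burn->execute();
    $conn->commit();

    return 'Your password has been successfully reset.';
}

// Page glue for resetpassword.php (hypothetical): GET renders the field, POST consumes it.
if (isset($_POST['btn-reset'])) {
    $msg = consumeResetToken(
        $conn,
        (string)($_POST['token'] ?? ''),
        (string)($_POST['pass']  ?? ''),
        (string)($_POST['cpass'] ?? '')
    );
} else {
    $hiddenField = renderHiddenToken((string)($_GET['token'] ?? ''));
}
```

On a GET, echo $hiddenField inside the form in place of the `value="random"` field; on the POST, display $msg where the question's $sucMSG / $keyError spans were. Because the handler resolves the account from the token row, the e-mail input in the form becomes unnecessary, which also removes the case in the original where the key check ran against whatever address the client submitted.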