我有一个密码重置脚本,它具有电子邮件和密码验证功能。如果脚本无法满足验证,如何让用户将用户重定向到相同的URL(即" https://www.domain.com/resetpassword.php?token= ...")?目前,如果验证测试失败,则会将用户重定向到URL:https://www.domain.com/resetpassword.php。令牌现已消失,密码重置页面变得无用。
这是我的PHP代码:
<?php
ob_start();
session_start();
include 'connect.php';
// Was the form submitted?
if (isset($_POST['btn-reset']))
{
// Gather the post data
$email = trim($_POST['email']);
$email = strip_tags($email);
$pass = trim($_POST['pass']);
$pass = strip_tags($pass);
$cpass = trim($_POST['cpass']);
$cpass = strip_tags($cpass);
//basic email validation
if ( !filter_var($email,FILTER_VALIDATE_EMAIL) ) {
$error = true;
$emailError = "Please enter valid email address.";
}
// password validation
if (empty($pass)){
$error = true;
$passError = "Please enter password.";
} else if(strlen($pass) < 6) {
$error = true;
$passError = "Password must have at least 6 characters.";
} else if($pass != $cpass) {
$error = true;
$passError = "Passwords do not match.";
}
// if there's no error, continue to process
if( !$error ) {
$token = $_POST ['token'];
// Retrieve token from database
$stmt = $conn->prepare('SELECT token FROM token WHERE userEmail=? and NOW() < expire_date');
$stmt->bind_param('s', $email);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
$resetKey = $row['token'];
}
// Does the new reset key match the old one?
if ($resetKey == $token && isset($token))
{
if ($pass == $cpass)
{
//hash and secure the password
$password = password_hash($pass, PASSWORD_DEFAULT);
// Update the user's password
$stmt = $conn->prepare('UPDATE user SET userPass = ? WHERE userEmail = ?');
$stmt->bind_param('ss', $password, $email);
$stmt->execute();
$conn = null;
$sucMSG = "Your password has been successfully reset.";
unset($email);
unset($pass);
unset($cpass);
unset($token);
unset($resetKey);
}
else
$matchError = "Your password's do not match.";
}
else
$keyError = "Your password reset key is invalid.";
}
}
?>
然后,如果设置了错误的值,我会使用PHP在我的表单中出现错误。