这些天我对密码恢复计划存在严重问题。当我在if(isset($_POST['pass-submit']))上编写reset.php?recoverykey=6602f445b4736ef3363a31e05750022d时。当有人点击表单的“提交”按钮时,它应该保留在同一页面进行处理,即在reset.php?recoverykey=6602f445b4736ef3363a31e05750022d上。但相反,它将我们带到reset.php,其中没有代码可以工作,因为变量recoverykey为空。即使在使用header("Location: reset.php?recoverykey=$recovery_code");之后,也没有任何效果。
我希望它在单击“提交”按钮后保持原样,以便PHP可以根据程序检查密码和确认密码字段是否相同或不正确。
以下是reset.php中的所有代码:
<?php
ob_start();
session_start();
?>
<!DOCTYPE html>
<head>
<meta name="robots" content="noindex" />
<link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
<title>Reset Password</title>
</head>
<?php
include('db-config.php');
function show_change_pass_form(){
?>
<form class="iqform" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<h3>Change your Password</h3>
<label><span class="text-danger"><?php echo $passError ?></span><input type="password" placeholder="New Password" name="new-pass" required /></label>
<label><span class="text-danger"><?php echo $Con_passError; ?></span><input type="password" placeholder="Confirm Password" name="confirm-new-pass" required /></label>
<input type="submit" value="Change Password" name="pass-submit" />
</form>
<?php
}
$recovery_code = $_GET['recoverykey'];
if(empty($recovery_code)){
echo 'Looks like you landed elsewhere.';
}
$sql = "SELECT * FROM RegisteredMembers WHERE RecoveryCode='$recovery_code'";
$result = mysql_query($sql);
if($result){
$count = mysql_num_rows($result);
if($count==1){
if( isset($_POST['pass-submit']) ){
header("Location: reset.php?recoverykey=$recovery_code");
$pass = $_POST['new-pass'];
$Con_pass = $_POST['confirm-new-pass'];
// Confirmation
if($pass==$Con_pass){
$sql1 = "UPDATE RegisteredMembers SET password = '$pass' WHERE RecoveryCode = '$recovery_code'";
$output = mysql_query($sql1);
echo $output;
$error = false;
$passError = "Password successfully changed. Feel free to Log In.";
} else if(!($pass==$Con_pass)){
$error = true;
$Con_passError = "The Password isn't matching. Be sure you remember the New Password.";
} else if(empty($pass)){
$error = true;
$passError = "Please do not keep the password empty.";
} else if(empty($Con_pass)){
$error = true;
$Con_passError = "Please do not keep this field empty.";
}
}
show_change_pass_form();
} else if($count==0) {
echo "No such recovery code, please don't try Spamming around!";
}
}
?>
<?php ob_end_flush(); ?>
这是forget.php中的代码(我添加了它虽然没有太多必要):
<?php
ob_start();
session_start();
include('db-config.php');
if(isset($_POST['forgot-submit'])){
$recovery_user = $_POST['forgot-email'];
$query = "SELECT * FROM RegisteredMembers WHERE userEmail='$recovery_user'";
$output = mysql_query($query);
$count = mysql_num_rows($output);
$row = mysql_fetch_array($output);
if($count==1){
$error = false;
// Mail the Recovery link
$recovery_code = md5(uniqid(rand()));
$mTo = $recovery_user;
$mFrom = 'From: '.$website_details['name'].' Team '.'<'.$website_details['email'].'>';
$mSubject = $website_details['name']." Account recovery Mail";
// Message
$mMsg[0] = "Hi ".$row['fname'].", \r\n";
$mMsg[1] = "This is the password recovery email which you have requested just few minutes before. <b>(If you havn't requested, you may kindly ingnore this Email)</b>";
$mMsg[2] = "Here's your <a href='$web_path/reset.php?recoverykey=$recovery_code'>Password Recovery Link</a>. Clicking it would allow you to change your existing password into a new one.";
$mFinMsg = $mMsg[0].$mMsg[1].$mMsg[2];
$sendRecMail = mail( $mTo , $mSubject , $mFinMsg , $mFrom );
// Add recovery code to Database
$mysql = "UPDATE RegisteredMembers SET RecoveryCode='$recovery_code' WHERE userEmail='$recovery_user'";
$result = mysql_query($mysql);
if($result){
$error = false;
$forgotEmailMsg = "Thanks, Check your Email for recovering your password.";
} else{
echo "Looks like there's a Disturbance and Load on server. Try again later.";
}
} else if(strlen($recovery_user)==0){
$error = true;
$forgotEmailMsg = "Please do not leave this field empty.";
} else{
$error = true;
$forgotEmailMsg = "No such Email found in Database.";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="robots" content="noindex" />
<link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
<title>Password Recovery</title>
</head>
<body>
<form class="iqform" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<h3>Password Recovery</h3>
<label><span class="text-danger"><?php echo $forgotEmailMsg; ?></span><input type="email" placeholder="Your registered Email" name="forgot-email" required /></label>
<input type="submit" value="Next" name="forgot-submit" />
</form>
</body>
</html>
<?php ob_end_flush(); ?>
Forget.php一切都还可以,但也许你可以从中引用一些东西。
答案 0 :(得分:0)
我认为你不需要使用标题功能重定向用户。在reset.php中,在表单操作中,您应该替换:
<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>
使用:
<?php echo $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']; ?>
PHP_SELF只返回脚本名称而不返回查询字符串,因此您的页面将不会在网址中包含recoverykey字段。
你不应该使用mysql_ *函数,因为php-mysql扩展已被弃用并已从Php 7中删除
在reset.php中也不需要ob_start(),ob_end_flush()和session_start()
答案 1 :(得分:-1)
if(isset($_POST['submit'])){
header("Location:https://www.example.com/subname/");
exit; // Exit should always be called after a redirection to
// cease further PHP code execution.
}
提交后使用此代码进行重做。