以PHP格式

时间:2017-04-06 08:02:49

标签: php html forms validation error-handling

我一直在制作一张表格,其中reset.php正在恢复密码。我已经根据恢复邮件进入后密码更改进行了编程。但障碍只是一个小错误,单击更改密码按钮后不会显示任何消息。注意* =密码更改,但即使使用if..else..设置,也只显示错误/成功消息。

以下是forgot.php的代码(完美地工作并与reset.php相关联)

<?php

    ob_start();
    session_start();
    include('db-config.php');

    if(isset($_POST['forgot-submit'])){
        $recovery_user = $_POST['forgot-email'];
        $query = "SELECT * FROM RegisteredMembers WHERE userEmail='$recovery_user'";
        $output = mysql_query($query);
        $count = mysql_num_rows($output);
        $row = mysql_fetch_array($output);
        if($count==1){
            $error = false;

            // Mail the Recovery link
            $recovery_code = md5(uniqid(rand()));
            $mTo = $recovery_user;
            $mFrom = 'From: '.$website_details['name'].' Team '.'<'.$website_details['email'].'>';
            $mSubject = $website_details['name']." Account recovery Mail";
                // Message
                $mMsg[0] = "Hi ".$row['fname'].", \r\n";
                $mMsg[1] = "This is the password recovery email which you have requested just few minutes before. <b>(If you havn't requested, you may kindly ingnore this Email)</b>";
                $mMsg[2] = "Here's your <a href='$web_path/reset.php?recoverykey=$recovery_code'>Password Recovery Link</a>. Clicking it would allow you to change your existing password into a new one.";
                $mFinMsg = $mMsg[0].$mMsg[1].$mMsg[2];
            $sendRecMail = mail( $mTo , $mSubject , $mFinMsg , $mFrom );

            // Add recovery code to Database
            $mysql = "UPDATE RegisteredMembers SET RecoveryCode='$recovery_code' WHERE userEmail='$recovery_user'";
            $result = mysql_query($mysql);
            if($result){
                $error = false;
                $forgotEmailMsg = "Thanks, Check your Email for recovering your password.";
            } else{
                echo "Looks like there's a Disturbance and Load on server. Try again later.";
            }
        } else if(strlen($recovery_user)==0){
            $error = true;
            $forgotEmailMsg = "Please do not leave this field empty.";
        } else{
            $error = true;
            $forgotEmailMsg = "No such Email found in Database.";
        }
    }

?>
<!DOCTYPE html>
<html>
    <head>
        <meta name="robots" content="noindex" />
        <link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
        <title>Password Recovery</title>
    </head>
    <body>
        <form class="iqform" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
            <h3>Password Recovery</h3>
            <label><span class="text-danger"><?php echo $forgotEmailMsg; ?></span><input type="email" placeholder="Your registered Email" name="forgot-email" required /></label>
            <input type="submit" value="Next" name="forgot-submit" />
        </form>
    </body>
</html>
<?php ob_end_flush(); ?>

以下是reset.php的代码。 (这是实际问题仍然存在的页面)

<?php
    ob_start();
    session_start();
?>
<!DOCTYPE html>
            <head>
                <meta name="robots" content="noindex" />
                <link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
                <title>Reset Password</title>
            </head>
<?php
    include('db-config.php');
    function show_change_pass_form(){
        // 
        ?>
                <form class="iqform" method="post" action="<?php echo $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']; ?>" autocomplete="off">
                    <h3>Change your Password</h3>
                    <label><span class="text-danger"><?php echo $passError ?></span><input type="password" placeholder="New Password" name="new-pass" required /></label>
                    <label><span class="text-danger"><?php echo $Con_passError; ?></span><input type="password" placeholder="Confirm Password" name="confirm-new-pass" required /></label>
                    <input type="submit" value="Change Password" name="pass-submit" />
                </form>
        <?php
    }
    $recovery_code = $_GET['recoverykey'];
    /*if(empty($recovery_code)){
        echo 'Looks like you landed elsewhere. ';
    }*/
    $sql = "SELECT * FROM RegisteredMembers WHERE RecoveryCode='$recovery_code'";
    $result = mysql_query($sql);
    if($result){
        $count = mysql_num_rows($result);
        if( $count==1 && !$recovery_code==0 ){
            if( isset($_POST['pass-submit']) ){

                $pass = $_POST['new-pass'];
                $Con_pass = $_POST['confirm-new-pass'];

                    // Confirmation
                        if($pass==$Con_pass){
                            if(strlen($pass)<8){
                                $error = true;
                            } else if(strlen($Con_pass)<8){
                                $error = true;
                            } else{
                                $sql1 = "UPDATE RegisteredMembers SET password = '$pass' WHERE RecoveryCode = '$recovery_code'";
                                $output = mysql_query($sql1);
                                if($output==1){
                                     $error = false;
                                     $passError = "Password successfully changed. Feel free to Log In.";

                                     $zero = 0;
                                     $sql2 = "UPDATE RegisteredMembers SET RecoveryCode = '$zero' WHERE RecoveryCode = '$recovery_code'";
                                     $output2 = mysql_query($sql2);
                                        if($output2==1){
                                            $error = false;
                                        }
                                }
                            }
                        } else if(!($pass==$Con_pass)){
                            $error = true;
                            $Con_passError = "The Password isn't matching. Be sure you remember the New Password.";
                        } else if(empty($pass)){
                            $error = true;
                            $passError = "Please do not keep the password empty.";
                        } else if(empty($Con_pass)){
                            $error = true;
                            $Con_passError = "Please do not keep this field empty.";
                        }
            }

            /*date_default_timezone_set("America/New_York");
            $nowtime = date("h:i:sa");
            $endtimestamp = mktime(date("H"),date("i")+1,date("s"));
            $endtime = date("h:i:sa",$endtimestamp);
            if($nowtime==$endtime){
                $zero = 0;
                $sql2 = "UPDATE RegisteredMembers SET RecoveryCode = '$zero' WHERE RecoveryCode = '$recovery_code'";
                $output2 = mysql_query($sql2);
                    if($output2==1){
                        $error = false;
                    }
            }*/

            show_change_pass_form();

        } else if($count==0 || empty($recovery_code)) {
            echo "No such recovery code, please don't try Spamming around! ";
        }
    }
?>
<?php ob_end_flush(); ?>

即使设置了“新密码”和“确认密码错误/成功”消息,但在单击更改密码按钮后,我看不到任何消息。 (仅限密码更改)

尚未提供CSS样式。所以,他们无法解决display:none的CSS问题。

实际问题 - 我希望变量$passError$Con_passError能够正确回显。

感谢我的帮助,提前!

1 个答案:

答案 0 :(得分:0)

你的回答。

<?php
    ob_start();
    session_start();
?>
<!DOCTYPE html>
            <head>
                <meta name="robots" content="noindex" />
                <link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
                <title>Reset Password</title>
            </head>
<?php
    $Con_passError = '';
    $passError = '';
    include('db-config.php');

    function show_change_pass_form($Con_passError,$passError){
        // 
        ?>
                <form class="iqform" method="post" action="<?php echo $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']; ?>" autocomplete="off">
                    <h3>Change your Password</h3>
                    <label><span class="text-danger"><?php echo $passError ?></span><input type="password" placeholder="New Password" name="new-pass" required /></label>
                    <label><span class="text-danger"><?php echo $Con_passError; ?></span><input type="password" placeholder="Confirm Password" name="confirm-new-pass" required /></label>
                    <input type="submit" value="Change Password" name="pass-submit" />
                </form>
        <?php
    }
    if(isset($GET["recoverykey"])){
    $recovery_code = $_GET['recoverykey'];
    /*if(empty($recovery_code)){
        echo 'Looks like you landed elsewhere. ';
    }*/


    $sql = "SELECT * FROM RegisteredMembers WHERE RecoveryCode='$recovery_code'";
    $result = mysql_query($sql);
    if($result){
      $count = mysql_num_rows($result);
    if( $count==1 && !$recovery_code==0 ){
            if( isset($_POST['pass-submit']) ){

                $pass = $_POST['new-pass'];
                $Con_pass = $_POST['confirm-new-pass'];

                    // Confirmation
                        if($pass==$Con_pass){
                            if(strlen($pass)<8){
                                $error = true;
                            } else if(strlen($Con_pass)<8){
                                $error = true;
                            } 
                            else{
                                $sql1 = "UPDATE RegisteredMembers SET password = '$pass' WHERE RecoveryCode = '$recovery_code'";
                                $output = mysql_query($sql1);
                                if($output==1){
                                     $error = false;
                                     $passError = "Password successfully changed. Feel free to Log In.";

                                     $zero = 0;
                                     $sql2 = "UPDATE RegisteredMembers SET RecoveryCode = '$zero' WHERE RecoveryCode = '$recovery_code'";
                                     $output2 = mysql_query($sql2);
                                        if($output2==1){
                                            $error = false;
                                        }
                                }
                            }

                        } else if(!($pass==$Con_pass)){
                            $error = true;
                            $Con_passError = "The Password isn't matching. Be sure you remember the New Password.";
                        } else if(empty($pass)){
                            $error = true;
                            $passError = "Please do not keep the password empty.";
                        } else if(empty($Con_pass)){
                            $error = true;
                            $Con_passError = "Please do not keep this field empty.";
                        }
            }

            /*date_default_timezone_set("America/New_York");
            $nowtime = date("h:i:sa");
            $endtimestamp = mktime(date("H"),date("i")+1,date("s"));
            $endtime = date("h:i:sa",$endtimestamp);
            if($nowtime==$endtime){
                $zero = 0;
                $sql2 = "UPDATE RegisteredMembers SET RecoveryCode = '$zero' WHERE RecoveryCode = '$recovery_code'";
                $output2 = mysql_query($sql2);
                    if($output2==1){
                        $error = false;
                    }
            }*/

            show_change_pass_form($Con_passError,$passError);

        } else if($count==0 || empty($recovery_code)) {
            echo "No such recovery code, please don't try Spamming around! ";
        }
    }
}
?>
<?php ob_end_flush(); ?>