我有一个问题......我有一个登录系统,当用户访问已通过电子邮件发送的链接时,updatepassword.php会生成一个随机字符串作为密码。由于这不是重置密码的理想方式,我希望用户以简单的形式输入密码。我该怎么办?
<form action="updatepassword.php" method="post">
<input type="password" name="pwd" placeholder="new password">
<input type="password" name="cpwd" placeholder="confirm password">
<button type="submit" name="reset" class="btn">Reset</button>
</form>
<?php
if(isset($_GET['token']) && isset($_GET['email'])){
require 'dbh.inc.php';
$email = mysqli_real_escape_string($conn,$_GET['email']);
$token = mysqli_real_escape_string($conn,$_GET['token']);
$sql = "SELECT * FROM users WHERE user_email='$email' AND token='$token'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if($resultCheck>0) {
$str ="0123456789zxcvbnmasdfghjkqwertyu";
$str = str_shuffle($str);
$str = substr($str, 0, 15);
$hashedPwd = password_hash($str,PASSWORD_DEFAULT);
$conn->query("UPDATE users SET user_pwd='$hashedPwd', token='' WHERE user_email='$email'");
echo "your new password is $str";
}
}else{
echo "error";
}