即使一切正常也会出错

时间:2018-06-03 08:20:16

标签: php mysql forgot-password

我在我的php登录系统中使用以下代码忘记密码,但后来仍然出现错误用户名或密码不正确。该文件是forgotpassword.php。现在我收到错误的最后用户名或电子邮件不正确,但我的输入是正确的,并根据mysql表信息。 这是我的代码:-(在托管服务器上,因此隐藏了一些信息)。     

session_start();
 require_once 'Phpmailer/PHPMailerAutoload.php';

if (isset($_SESSION['id'])) {
header('Location: user.php');
die();
}

else {

if($_POST['submit']) {

   $username = strip_tags($_POST['username']);
   $uemail = strip_tags($_POST['email']);
   $db = mysqli_connect("localhost", "username", "password", "thedb") or die ("Failed to connect");
   $sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
   $query = mysqli_query($db, $sql);
   if($query) {
        $row = mysqli_fetch_row($query);
        $dbUserName = $row[1];
        $dbUserId = $row[0];
        $dbEmail = $row[4];

   }
   if($username == $dbUserName && $uemail == $dbEmail) {
       $_SESSION['username'] = $username;
       $_SESSION['id'] = $id;
       $token = rand(10);
       $db->query("UPDATE members SET token='$token' WHERE id='id'");
       $url = "https://www.example.net/resetpass?token=$token" ;
       $mail = new PHPMailer(true);                              // Passing 
`true` enables exceptions
try {
//Server settings
$mail->isSMTP();                                      // Set mailer to use 
SMTP
$mail->Host = 'example.net';                           // Specify main and 
backup SMTP servers
$mail->SMTPAuth = true;                               // Enable SMTP 
authentication
$mail->Username = 'members@example.net';                 // SMTP username
$mail->Password = 'password';                           // SMTP password
$mail->SMTPSecure = 'ssl';                            // Enable TLS 
encryption, `ssl` also accepted
$mail->Port = 465;                                    // TCP port to connect 
to

//Recipients
$mail->setFrom('members@example.net', 'example');
$mail->addAddress('$uemail');     // Add a recipient

//Content
$mail->isHTML(true);                                  // Set email format to HTML
$mail->Subject = 'Reset Password Request';
$mail->Body    = 'We recieved an request for resseting password for user $username, please click the following link for resetting password $url';
//$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';

$mail->send();
$suc =  'Message has been sent';
} catch (Exception $e) {
$err =  'Message could not be sent.';

}


       $reset_passwordsuc = "<b><i>Instructions sent to user email.</i><b>";
     }
   else {
      $reset_password = "<b><i>Username or Email Incorrect</i><b>";

   }
}
}

?>

最后我得到用户名或电子邮件不正确。请帮忙

1 个答案:

答案 0 :(得分:0)

您必须更改验证用户名和电子邮件的方式。请使用以下修改。

更改:

   $sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";

$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";

更改:

if($username == $dbUserName && $uemail == $dbEmail) {

if(mysqli_num_rows($query) == 1) {

要使令牌部件起作用,请执行以下修改。

更改:

$_SESSION['id'] = $id;

$_SESSION['id'] = $dbUserId;

更改:

$db->query("UPDATE members SET token='$token' WHERE id='id'");

mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");

PS:您可能希望使用预准备语句来防止SQL注入攻击。