我正在创建重置密码系统,我完成了所有部分的工作,接受了最后一步,即更新用户表中的密码和电子邮件。 实际上没有更新。大声笑
它表示更新成功并重定向到登录,但不更新密码。 我回响了所有步骤,以查看值是否为空,它显示所有值已满。
这是我的表格:
$selector = $_GET["selector"];
$validator = $_GET["validator"];
if(empty($selector) || empty($validator)){
echo "Could not validate request";
}else{
if(ctype_xdigit($selector) !== false && ctype_xdigit($validator) !== false){
?>
<form action="reset-password.inc.php" method="post">
<input type="hidden" name="selector" value="<?php echo $selector; ?>">
<input type="hidden" name="validator" value="<?php echo $validator; ?>">
<input type="password" name="password" placeholder="Yeni şifre girin...">
<input type="password" name="confirm_password" placeholder="Şifre tekrar...">
<input type="submit" name="reset-password-submit" value="Submit">
<a class="btn btn-link" href="welcome.php">Cancel</a>
</form>
<?php
}
}
这是提交页面中的代码:
if(isset($_POST["reset-password-submit"])){
$selector = $_POST["selector"];
$validator = $_POST["validator"];
$password = $_POST["password"];
$confirm_password = $_POST["confirm_password"];
$currentDate = date("U");
if(empty($password) && empty($confirm_password)){
header("Location: create-new-password.php?newpwd=empty");
exit();
}elseif($password != $confirm_password){
header("Location: create-new-password.php?newpwd=passwords-not-same");
exit();
}else{
$sql = "SELECT * FROM pwdreset WHERE pwdResetSelector = :pwdResetSelector AND pwdResetToken = :pwdResetToken AND pwdResetExpires >= :pwdResetExpires";
if($stmt = $pdo->prepare($sql)){
$stmt->bindParam(":pwdResetSelector", $selector, PDO::PARAM_STR);
$stmt->bindParam(":pwdResetToken", $validator, PDO::PARAM_STR);
$stmt->bindParam(":pwdResetExpires", $currentDate, PDO::PARAM_STR);
if($stmt->execute()){
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if($selector !== $row['pwdResetSelector']){
header("Location: create-new-password.php?newpwd=wrongUrlParameters");
exit();
}elseif($validator !== $row['pwdResetToken']){
header("Location: create-new-password.php?newpwd=wrongUrlParameters");
exit();
}else{
$tokenEmail = $row["pwdResetEmail"];
// CHECK IF EMPTY PASS AND EMAIL AND DO UPDATE
if(empty($password) && empty($tokenEmail)){
$sql = "UPDATE users SET password = :password WHERE email=:email";
if($stmt3 = $pdo->prepare($sql)){
$newpwdhash = password_hash($password, PASSWORD_DEFAULT);
$stmt3->bindParam(":password", $newpwdhash, PDO::PARAM_STR);
$stmt3->bindParam(":email", $tokenEmail, PDO::PARAM_STR);
if($stmt3->execute()){
// DELETE FROM PWDRESET TABLE
$sql = "DELETE FROM pwdReset WHERE pwdResetEmail=:pwdResetEmail";
if($stmt4 = $pdo->prepare($sql)){
$stmt4->bindParam(":pwdResetEmail", $tokenEmail, PDO::PARAM_STR);
$stmt4->execute();
header("Location: login.php?newpwd=success");
exit();
}else{
header("Location: create-new-password.php?newpwd=somethingWentWrong");
exit();
}
}else{
echo "Couldnt execute stmt 3";
exit();
}
}else{
echo "error";
exit();
}
}else{
echo "AN ERROR HAPPEND WHILE QUERY STMT 3";
exit();
}
}
}else{
echo "Couldnt execute sql 1";
exit();
}
}else{
echo "prepare sql didnt work 1";
exit();
}
}
}else{
echo "something went wrong";
exit();
}