我正在尝试开发忘记密码系统。一切似乎都可以正常工作,即使登录屏幕页面上的密码更新消息提示也是如此,但实际上它并未在数据库中更新。我不明白为什么会这样。另外我正在使用phpmailer发送电子邮件。任何帮助都会有很大帮助
重置密码页面:
<?php
if(isset($_POST['reset-submit'])){
$selector=$_POST['selector'];
$validator=$_POST['validator'];
$password=$_POST['password1'];
$passwordRepeat=$_POST['password2'];
if(empty($password) || empty($passwordRepeat)){
echo "empty fields";
}
elseif($password!=$passwordRepeat){
echo "password did not match";
}
$expiryDate=date("U");
require "db.inc.php";
$sql="SELECT * FROM pwdreset WHERE pwdresetSelector=? AND pwdresetExpires >= ?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
echo "Could not validate your request";
}
else{
mysqli_stmt_bind_param($stmt,"ss",$selector,$expiryDate);
mysqli_stmt_execute($stmt);
$result=mysqli_stmt_get_result($stmt);
if(!$row=mysqli_fetch_assoc($result)){
echo "Could not validate your request";
}
else{
$tokenBin=hex2bin($validator);
$tokenCheck=password_verify($tokenBin,$row['pwdresetToken']);
if($tokenCheck===false){
echo "Could not validate your request";
}
elseif($tokenCheck===true){
$tokenEmail=$row['pwdresetEmail'];
$sql="SELECT * FROM users WHERE emailUsers=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
echo "Could not validate your request";
}
else{
mysqli_stmt_bind_param($stmt,"s",$tokenEmail);
mysqli_stmt_execute($stmt);
$result=mysqli_stmt_get_result($stmt);
if(!$row=mysqli_fetch_assoc($result)){
echo "Could not validate your request";
}
else{
$sql="UPDATE users SET pwdUsers=? WHERE emailUsers=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
echo "Could not validate your request";
}
else{
$newpasswordHash=password_hash($password,PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt,"ss",$tokenEmail,$newpasswordHash);
mysqli_stmt_execute($stmt);
$sql="DELETE FROM pwdreset WHERE pwdresetEmail=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
header("Location: ../createnewpassword.php?error=sqlerror");
exit();
}
else{
mysqli_stmt_bind_param($stmt,"s",$tokenEmail);
mysqli_stmt_execute($stmt);
header("Location: ../login.php?resetpassword=success");
exit();
}
}
}
}
}
else{
echo "Could not validate your request";
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else{
header("Location: ../index.php");
exit();
}
答案 0 :(得分:0)
您的代码很难阅读那么多其他语句和通用消息。在开发时,您希望显示易于理解的错误1.了解导致错误的原因并2.正确处理它们。这些消息仅在代码投入生产时才是通用的(无mysql错误等)。
我将您的代码放入一个函数中,以使其易于处理和阅读。
我认为您的问题归结为这一行:
mysqli_stmt_bind_param($stmt,"ss",$newpasswordHash,$tokenEmail);
您在哪里撤消了更新的值。如果我要自己使用它,则可能只是使用一个类,然后将其分解为不同的功能,因为这是执行多个功能的相当大的代码。
<?php
if(isset($_POST['reset-submit'])){
$selector=$_POST['selector'];
$validator=$_POST['validator'];
$password=$_POST['password1'];
$passwordRepeat=$_POST['password2'];
if(empty($password) || empty($passwordRepeat)){
echo "empty fields";
exit();
}
elseif($password!=$passwordRepeat){
echo "password did not match";
exit();
}
$expiryDate=date("U");
require "db.inc.php";
$reset = reset_password( $conn , $selector , $validator , $password );
if( ! $reset['Results'] ){
echo $reset['Msg'];
exit();
}
header("Location: ../login.php?resetpassword=success");
exit();
}
else{
header("Location: ../index.php");
exit();
}
function reset_password( $conn , $selector , $validator , $password ){
$sql="SELECT * FROM pwdreset WHERE pwdresetSelector=? AND pwdresetExpires >= ?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => '1: SQL Error - ' . mysqli_error($conn) ];
}
mysqli_stmt_bind_param($stmt,"ss",$selector,$expiryDate);
if( ! mysqli_stmt_execute($stmt) ){
return [ 'Result' => false , 'Msg' => 'Failed to execute 1' ];
}
$result=mysqli_stmt_get_result($stmt);
if(!$row=mysqli_fetch_assoc($result)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Failed to find reset' ];
}
$tokenBin=hex2bin($validator);
if( ! password_verify($tokenBin,$row['pwdresetToken']) ){ //you can check against this directly. No need to put it into a variable.
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Incorrect Password' ];
}
$tokenEmail=$row['pwdresetEmail'];
mysqli_stmt_close($stmt);
$sql="SELECT * FROM users WHERE emailUsers=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => '2: SQL Error - ' . mysqli_error($conn) ];
}
mysqli_stmt_bind_param($stmt,"s",$tokenEmail);
if( ! mysqli_stmt_execute($stmt) ){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Failed to execute 2' ];
}
$result=mysqli_stmt_get_result($stmt);
if(!$row=mysqli_fetch_assoc($result)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'No User Found' ];
}
mysqli_stmt_close($stmt);
$sql="UPDATE users SET pwdUsers=? WHERE emailUsers=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => '3: SQL Error - ' . mysqli_error($conn) ];
}
$newpasswordHash=password_hash($password,PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt,"ss",$newpasswordHash,$tokenEmail); //you had these reversed. According to your SQL looks like it should be this way
if( ! mysqli_stmt_execute($stmt) ){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Failed to execute 3' ];
}
mysqli_stmt_close($stmt);
$sql="DELETE FROM pwdreset WHERE pwdresetEmail=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => '4: SQL Error - ' . mysqli_error($conn) ];
}
mysqli_stmt_bind_param($stmt,"s",$tokenEmail);
if( ! mysqli_stmt_execute($stmt) ){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Failed to execute 4' ];
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => true , 'Msg' => 'Failed to execute 4' ];
}