Disclaimer: this page is a Chinese-English parallel translation of a popular StackOverFlow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverFlow original URL: http://stackoverflow.com/questions/20331689/

Time: 2020-08-25 03:05:35  Source: igfitidea

Forgot Password Script PHP mysqli database

php mysql email mysqli

Asked by user3056818

Hi, I am trying to make a forgot password script and have successfully completed it, but I am getting one problem. In forgot.php, when the user enters an email, the script checks the email in the database; if it matches, it saves an activation code in the database and also sends the activation code to his email address.

After receiving the email, he clicks on the link and it takes him to the reset password form in resetpass.php. First it checks whether the activation code matches the code in the database; if it does, the user enters his new password and it resets his password. But the problem is that it does not change the password of the person who entered his email; it changes the password of another person :D . I don't know what's going wrong in this script.

Forgot.php

<?php 
error_reporting(0);
if($_POST['submit']=='Send')
{
//keep it inside
$email=$_POST['email'];
$code = $_GET['activation_code'];
$con=mysqli_connect("Localhost","root","123","user");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
$query = mysqli_query($con,"select * from login where user_email='$email'")
or die(mysqli_error($con)); 

 if (mysqli_num_rows ($query)==1) 
 {
$code=rand(100,999);
$message="You activation link is: http://bing.fun2pk.com/resetpass.php?email=$email&code=$code";
mail($email, "ZatWing", $message);
echo 'Email sent';
$query2 = mysqli_query($con,"update login set activation_code='$code' where user_email='$email' ")
or die(mysqli_error($con)); 
}
else
{
echo 'No user exist with this email id';

}}

?>
<form action="forgot.php" method="post">
Enter you email ID: <input type="text" name="email">
<input type="submit" name="submit" value="Send">
</form>

resetpass.php

<?php
if(isset($_GET['code'])) {

    $acode = $_GET['code'];}
    echo $acode;

if(isset($_POST['pass'])){
    $pass = $_POST['pass'];


$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con)); 

 if (mysqli_num_rows ($query)==1) 
{



$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con)); 

echo 'Password Changed';
}
else
{
echo 'Wrong CODE';

}}

?>

    <form action="resetpass.php" method="POST">
    <p>New Password:</p><input type="password" name="pass" />
    <input type="submit"  name="submit" value="Signup!" />
    </form>

Answered by Ravi Dhoriya ツ

I got a bug in resetpass.php

You'll first have to use $_GET['code'] to get your activation code and store in a hidden field of

Here is the modified code, which should work.

<?php

if(isset($_POST['pass'])){
$pass = $_POST['pass'];
$acode=$_POST['code'];

$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con)); 

if (mysqli_num_rows ($query)==1) 
{
$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con)); 

echo 'Password Changed';
}
else
{
echo 'Wrong CODE';
}
}
?>

<form action="resetpass.php" method="POST">
<p>New Password:</p><input type="password" name="pass" />
<input type="submit"  name="submit" value="Signup!" />
<input type="hidden" name="code" value="<?php echo $_GET['code'];?>" />
</form>

Answered by Marcel Balzer

You need to change the action from resetpass.php to resetpass.php?code=<?php echo $_GET['code'];?>

Otherwise the code gets lost when you submit the form.

For example: (Not bugfree!)

<?php
if(isset($_GET['code'])) $acode = $_GET['code'];
else die("No code!");

$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
    $acode = mysqli_real_escape_string($con, $acode);
    $query = mysqli_query($con,"select * from login where activation_code='$acode'")
    or die(mysqli_error($con)); 
    if(mysqli_num_rows($query) == 0) {
        echo "Wrong code";
        die();
    } elseif (mysqli_num_rows ($query)==1 && isset($_POST['pass'])) {
        $pass = mysqli_real_escape_string($con, $_POST['pass']);
        $query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
        or die(mysqli_error($con)); 

        echo 'Password Changed';
    }
}

?>

    <form action="resetpass.php?code=<?php echo $_GET['code'];?>" method="POST">
    <p>New Password:</p><input type="password" name="pass" />
    <input type="submit"  name="submit" value="Signup!" />
    </form>

But think about some things:

  • Your code is very insecure; better try uniqid(rand());
  • With this code it is possible that two entries get the same code
  • Somebody could try all code possibilities
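
Added example (not from the asker or from any of the answers): one way to address the three points listed above together with the asker's original symptom, where `update login set Password=... where activation_code='$acode'` changes whichever row happens to hold that code. The `login` table, `user_email` and `Password` come from the question; the columns `id`, `reset_token_hash`, `reset_expires` and both function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes the question's `login`
// table (user_email, Password VARCHAR(255)) plus hypothetical columns:
// id INT PRIMARY KEY, reset_token_hash CHAR(64) NULL, reset_expires DATETIME NULL.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Issue a reset token for $email; returns the raw token to mail, or null.
function issue_reset_token(mysqli $con, string $email): ?string
{
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG, not rand()
    $hash  = hash('sha256', $token);      // only the hash is stored server-side
    $stmt  = $con->prepare(
        "UPDATE login SET reset_token_hash = ?,
                reset_expires = DATE_ADD(NOW(), INTERVAL 30 MINUTE)
          WHERE user_email = ?");
    $stmt->bind_param('ss', $hash, $email);
    $stmt->execute();
    return $stmt->affected_rows === 1 ? $token : null;
}

// Redeem a token: set the new password for the single account that owns it.
function redeem_reset_token(mysqli $con, string $token, string $newPass): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false;                     // empty or malformed code matches no row
    }
    $hash = hash('sha256', $token);
    $stmt = $con->prepare(
        "SELECT id FROM login
          WHERE reset_token_hash = ? AND reset_expires > NOW()");
    $stmt->bind_param('s', $hash);
    $stmt->execute();
    $stmt->bind_result($id);
    if (!$stmt->fetch()) { $stmt->close(); return false; }
    $stmt->close();

    // Store a password hash, keyed on the account id, and burn the token.
    $pwHash = password_hash($newPass, PASSWORD_DEFAULT);
    $upd = $con->prepare(
        "UPDATE login SET Password = ?, reset_token_hash = NULL,
                reset_expires = NULL
          WHERE id = ? AND reset_token_hash = ?");
    $upd->bind_param('sis', $pwHash, $id, $hash);
    $upd->execute();
    return $upd->affected_rows === 1;     // false if the token was already used
}
```

The mailed link carries only the raw token; the reset page passes the submitted code and new password to `redeem_reset_token()`, and login then checks passwords with `password_verify()`.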

Answered by nuur

<?php
if(isset($_GET['code'])) $acode = $_GET['code'];
else die("No code!");

$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
    $acode = mysqli_real_escape_string($con, $acode);
    $query = mysqli_query($con,"select * from login where activation_code='$acode'")
    or die(mysqli_error($con)); 
    if(mysqli_num_rows($query) == 0) {
        echo "Wrong code";
        die();
    } elseif (mysqli_num_rows ($query)==1 && isset($_POST['pass'])) {
        $pass = mysqli_real_escape_string($con, $_POST['pass']);
        $query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
        or die(mysqli_error($con)); 

        echo 'Password Changed';
    }
}

?>

    <form action="resetpass.php?code=<?php echo $_GET['code'];?>" method="POST">
    <p>New Password:</p><input type="password" name="pass" />
    <input type="submit"  name="submit" value="Signup!" />
    </form>