在PHP中尝试创建重置密码页时,GET变量上的未定义索引
我正在开发一个允许用户重置密码的PHP页面。我已经到了输入用户名和发送带有更改密码链接的电子邮件的地步 然而,当我去更改密码时,我得到了以下错误在PHP中尝试创建重置密码页时,GET变量上的未定义索引,php,variables,get,undefined-index,Php,Variables,Get,Undefined Index,我正在开发一个允许用户重置密码的PHP页面。我已经到了输入用户名和发送带有更改密码链接的电子邮件的地步 然而,当我去更改密码时,我得到了以下错误 Notice: Undefined index: email in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\reset-password.php on line 112 Notice: Undefined index: hash in C:\Program Files\
Notice: Undefined index: email in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\reset-password.php on line 112
Notice: Undefined index: hash in C:\Program Files\Apache Software Foundation\Apache2.2\htdocs\reset-password.php on line 112
<?php
$msg = "";
// If user is visiting using the link provided in the email
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash']))
{
$email = checkInput($_GET['email']); // Set email variable
$hash = checkInput($_GET['hash']); // Set hash variable
$search = mysql_query("SELECT email, hash FROM users WHERE email='".$email."' AND hash='".$hash."'") or die(mysql_error());
$match = mysql_num_rows($search);
if($match > 0)
{
// There is a match -> show change password form
changePassForm();
}
else
{
// No match -> dont show password form (invalid url)
$msg .= '<div class="success" align="center">An email with a link to reset your password has been sent to your registered email account. Please click the link to reset your password.</div>';
}
}
// Else user is not visting from a link provided in an email.
else
// First check if user has already submitted form to send change password link
{
if(isset($_POST['submit-request']))
{
$username = checkInput($_POST['username']);
$query = "SELECT username FROM users WHERE username = '$username'";
$result = mysql_query($query);
$search = mysql_num_rows($result);
// Checks if the username they entered exists - if so, call sendResetMail function.
if($search > 0)
{
$msg .= '<div class="success" align="center">An email with a link to reset your password has been sent to your registered email account. Please click the link to reset your password.</div>';
sendResetMail(); // Calls the sendMail function - sends the activation email to the user.
}
// Else username does not exist in database
else
{
$msg .= '<div class="error" align="center">That username does not exist. Please try again.</div>';
requestForgotPassEmail();
}
}
// If user has not already submitted form, show them form.
else
{
requestForgotPassEmail();
$msg .= "request email";
}
}
/* Initialize empty containers for the errors */
$rpnewpass_errors = "";
$rpnewpasschk_errors = "";
$msg = "";
// If changePassForm has been submitted
if(isset($_POST['submit-change']))
{
$newpass=isset($_POST['newpass']) ? checkInput($_POST['newpass']) : '';
$newpasschk=isset($_POST['newpasschk']) ? checkInput($_POST['newpasschk']) : '';
/* Checks all fields were entered */
if(!$_POST['newpass'] || !$_POST['newpasschk'])
{
$msg .= '<div class="error" align="center">You didn\'t a required field - please complete all the fields</div>';
}
else
{
/* Once all fields are entered - perform form validation */
/* Checks the new password field is entered */
if(empty($newpass))
{
$newpass=false;
$rpnewpass_errors .= "You didn't enter a new password";
}
/* Checks if the password contains at least 8 characters, lower/upper case letters and a number. */
if(preg_match("/^.*(?=.{8,})(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z]).*$/", $newpass) === 0)
{
$msg .= '<div class="error" align="center">Password must be at least 8 characters and contain at least one lower case letter, one upper case letter and a number</div>';
}
/* Checks the verify new password field is entered */
if(empty($newpasschk))
{
$msg .= '<div class="error" align="center">You didnt verify your new password.</div>';
}
/* Checks if the new password and verify new password match */
if($newpass != $newpasschk)
{
$msg .= '<div class="error" align="center">Sorry, your passwords do not match.</div>';
}
/* Checks if all error containers are empty, then proceeds with password change */
if(empty($rpnewpass_errors) && empty($rpnewpasschk_errors))
{
$query="SELECT username FROM users WHERE email = '$email' AND hash = '$hash'";
echo $query; // for troubleshooting purposes, variables are echoing empty
$result=mysql_query($query);
$num=mysql_num_rows($result);
if($num == 1)
{
$row=mysql_fetch_array($result);
$md5newpass=md5($newpass);
$query="UPDATE users SET password = '$md5newpass' WHERE username = '$row[0]'";
$result=mysql_query($query);
if(mysql_affected_rows() == 1)
{
$msg .= '<div class="error" align="center">Your password has been changed successfully</div>';
}
else
{
$msg .= '<div class="error" align="center">Your password could not be changed. Please try again</div>';
}
}
else
{
$msg .= '<div class="error" align="center">Your username and password do not match our records</div>';
}
}
}
}
?>
您是否在此行设置了$email和$hash
$query="SELECT username FROM users WHERE email = '$email' AND hash = '$hash'";
echo $query; // for troubleshooting purposes, variables are echoing empty
您可以在此处设置,但只能在条件中设置:
if(isset($_GET['email']) && !empty($_GET['email']) AND isset($_GET['hash']) && !empty($_GET['hash']))
您可能不应该告诉用户用户名是否不存在,还应该基于单个令牌将请求写入单独的DB表,而不是同时依赖电子邮件和哈希的get var。只是我的意见。你泄露了很多信息。第32行是什么?什么是checkInput()?对不起,这是错误的一行,应该是142对不起,应该是112-忘了我遗漏了一些注释