PHP MySQLi forgotten password reset page


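I am setting up a PHP lost-password page for my website (www.qbstaxsubmission.co.uk). The code that creates the lost-password email sent to the user works fine. However, when the user clicks the link in the email, he is taken to a new-password PHP page. The script on this page generates the error message "Registration failure in updating recovery key: INSERT", which triggers my styled error page and sends the user back to my standard login page.

So my problem is that I cannot see what is wrong with my new password2.php. Can anyone help?

Here is the full new password2.php code: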

<?php
ob_start();
include ('config.php');
include ('function.php');
$error_msg = "";

$token = $_GET['token'];
$userID = UserID($email);
$verifytoken = verifytoken($userID, $token);

// Sanitize and validate the data passed in
if (isset($_POST['submit'],$_POST['username'], $_POST['email'],       $_POST['p'])) {   
$email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING);
$username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);   
$new_password = filter_input(INPUT_POST, 'new_password', FILTER_SANITIZE_STRING);
$retype_password = filter_input(INPUT_POST, 'retype_password', FILTER_SANITIZE_STRING);
$id = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_STRING);}

$new_password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($new_password) != 128) {
// The hashed pwd should be 128 characters long.
// If it's not, something really odd has happened
$error_msg .= '<p class="error">Invalid password configuration.</p>';
}

$prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
$stmt = $db ->prepare($prep_stmt);    
if ($stmt) {
$stmt->bind_param('s', $email);
$stmt->execute();
$stmt->store_result();

if ($stmt->num_rows == 1) {
// A user with this email address already exists
$error_msg .= '<p class="error">A user with this email address already exists.</p>';
}
} else {
$error_msg .= '<p class="error">Database error</p>';
}

if($new_password != $retype_password) {
// Create a random salt
$salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
// Create salted password 
$new_password = hash('sha512', $random_salt . $salt);

}

// Insert the new hashed password into the database
if ($insert_stmt = $db->prepare("UPDATE members SET password = ? WHERE id = ? ")) {
$insert_stmt->bind_param('si', $newpassword, $id);
// Execute the prepared query.
if (!$insert_stmt->execute()) {
header('Location: ../error.php?err=Database Registration failure: INSERT');
}

// Update recovery key      
if ($insert_stmt = $db->prepare("UPDATE recovery_keys SET valid = 0 WHERE  id = ?  AND token = ? ")); 
$insert_stmt->bind_param('is', $id, $token);
// Execute the prepared query.
if ($insert_stmt->execute())  
$msg = 'Your password has changed successfully. Please login with your new password.';

}else
{


header('Location: ../error.php?err=Registration failure in updating recovery key: INSERT'); }

{exit();}


?>

I believe this is where the problem is:

    if (! $insert_stmt->execute())  
    $msg = 'Your password has changed successfully. Please login with your new password.';

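    }else{..}

`if(!$insert_stmt->execute())` means that if the query fails, it returns the password failure.

The reason your code always shows "Registration failure in updating recovery key: INSERT" is that you instructed your code that, when the query does not fail, it must produce the registration failure.

Your code is all messy; you need to clean it up.

This is how it should look: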

 if ($insert_stmt = $db->prepare("UPDATE recovery_keys SET valid = 0 WHERE userID =  ?  AND token = ? ")); 
    $insert_stmt->bind_param('ss', $userID, $token);
    // Execute the prepared query.
    if ($insert_stmt->execute())  
    $msg = 'Your password has changed successfully. Please login with your new password.';
    
    }else
    {
    $msg = "Password doesn't match";
    
    header('Location: ../error.php?err=Registration failure in updating recovery key: INSERT'); }
    
    {exit();}
Edit

Tried to clean up some of the mess in your code. This is how it should look now:

<?php
ob_start();
include('config.php');
include('function.php');
$error_msg = "";

$token       = $_GET['token'];
$userID      = UserID($email);
$verifytoken = verifytoken($userID, $token);

// Sanitize and validate the data passed in
if (isset($_POST['submit'], $_POST['username'], $_POST['email'], $_POST['p'])) {
    $email           = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_STRING);
    $username        = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $new_password    = filter_input(INPUT_POST, 'new_password', FILTER_SANITIZE_STRING);
    $retype_password = filter_input(INPUT_POST, 'retype_password', FILTER_SANITIZE_STRING);
    $id              = filter_input(INPUT_POST, 'id', FILTER_SANITIZE_STRING);
}

$new_password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
if (strlen($password) != 128) {
    // The hashed pwd should be 128 characters long.
    // If it's not, something really odd has happened
    $error_msg .= '<p class="error">Invalid password configuration.</p>';
}

$prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
$stmt      = $db->prepare($prep_stmt);

if ($stmt) {
    $stmt->bind_param('s', $email);
    $stmt->execute();
    $stmt->store_result();
    
    if ($stmt->num_rows == 1) {
        // A user with this email address already exists
        $error_msg .= '<p class="error">A user with this email address already exists.</p>';
    }
} else {
    $error_msg .= '<p class="error">Database error</p>';
}

if ($new_password != $retype_password) {
    // Create a random salt
    $salt         = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE));
    // Create salted password 
    $new_password = hash('sha512', $random_salt . $salt);
    
}

// Insert the new hashed password into the database
if ($insert_stmt = $db->prepare("UPDATE members SET password = ? WHERE id = ?")) {
    $insert_stmt->bind_param('si', $new_password, $userID);
    // Execute the prepared query.
    if (!$insert_stmt->execute()) {
        header('Location: ../error.php?err=Database Registration failure: INSERT');
        exit();
    }
    
    // Update recovery key      
    if ($insert_stmt = $db->prepare("UPDATE recovery_keys SET valid = 0 WHERE userID = ? AND token = ? "));
    $insert_stmt->bind_param('is', $userID, $token);
    // Execute the prepared query.
    if ($insert_stmt->execute())
        $msg = 'Your password has changed successfully. Please login with your new password.';
    
} else {
    $msg = "Password doesn't match";
    
    header('Location: ../error.php?err=Registration failure in updating recovery key: INSERT');
    exit();
}

?>

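`SET password=salt'$new_password'` is a problem. `if ($insert_stmt = $db->prepare("UPDATE recovery_keys SET valid=0 WHERE userID=$userID AND token='$token'"))` `$insert_stmt->bind_param('ss', $userID, $token)` - check for errors, you have some errors.

Don't use your own hashing. Use . It is much easier to manage. Prepared statements are useless in your case.

`if (strlen($password) != 128) {` Where is the variable `$password` set?

I think the unneeded `{exit();}` will produce an error.

@Mikey I can see that one parameter is misplaced (it should go after each `header('Location: ...')` statement), but it won't cause an error.

@ChrisForrence Yes, it is in the wrong position. After changing to the suggested password2.php layout, I get a completely blank page instead of an error message. - Chris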
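The two points raised in the answer and comments above (check what each `execute()` actually did, and stop hand-rolling the hash), shown as an added example that is not code from the question or the answer. Table and column names are taken from the page; `resetPassword()`, its parameters, the `valid = 1` marker for unused tokens and `../login.php` are assumptions, and the transaction needs a transactional engine such as InnoDB.

```php
<?php
// Added example, not the poster's code. Tables/columns (members.id, members.password,
// recovery_keys.userID/token/valid) are from the page; resetPassword() is hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

function resetPassword(mysqli $db, int $userID, string $token, string $newPassword): bool
{
    try {
        $db->begin_transaction();

        // 1. Consume the token. Matching userID and token in one WHERE clause means
        //    a token only works for the account it was issued to.
        //    Assumption: unused tokens carry valid = 1.
        $stmt = $db->prepare(
            "UPDATE recovery_keys SET valid = 0
              WHERE userID = ? AND token = ? AND valid = 1"
        );
        $stmt->bind_param('is', $userID, $token);
        $stmt->execute();
        if ($stmt->affected_rows !== 1) {   // unknown, foreign or already-used token
            $db->rollback();
            return false;
        }

        // 2. Store a salted hash produced by PHP itself.
        $hash = password_hash($newPassword, PASSWORD_DEFAULT);
        $stmt = $db->prepare("UPDATE members SET password = ? WHERE id = ?");
        $stmt->bind_param('si', $hash, $userID);
        $stmt->execute();
        if ($stmt->affected_rows !== 1) {   // no such member: leave the token unused
            $db->rollback();
            return false;
        }

        $db->commit();
        return true;
    } catch (mysqli_sql_exception $e) {
        // Undo partial work; ignore a second failure if the connection is gone.
        try { $db->rollback(); } catch (mysqli_sql_exception $ignored) {}
        error_log('Password reset failed: ' . $e->getMessage());
        return false;
    }
}

// Usage sketch (constructed): $db is an open mysqli connection.
// $ok = resetPassword($db, $userID, $_GET['token'] ?? '', $_POST['p'] ?? '');
// header('Location: ' . ($ok ? '../login.php' : '../error.php?err=reset'));
// exit();
```

The login code then has to check passwords with `password_verify()`, and the `password` column should be wide enough for future `PASSWORD_DEFAULT` output (the PHP manual suggests 255 characters).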