Php 即使一切正常也会出错
我在php登录系统中使用以下代码来表示忘记密码,但后来出现错误用户名或密码不正确。文件名为forgotpassword.php。现在我得到了错误,在最后的用户名或电子邮件不正确,但我的输入是正确的,并把根据mysql表信息。 这是我的代码:-(在托管服务器上,所以一些信息隐藏)。Php 即使一切正常也会出错,php,mysql,forgot-password,Php,Mysql,Forgot Password,我在php登录系统中使用以下代码来表示忘记密码,但后来出现错误用户名或密码不正确。文件名为forgotpassword.php。现在我得到了错误,在最后的用户名或电子邮件不正确,但我的输入是正确的,并把根据mysql表信息。 这是我的代码:-(在托管服务器上,所以一些信息隐藏)。 session_start(); 需要一次'Phpmailer/phpmailerautoad.php'; 如果(isset($\u会话['id'])){ 标题('Location:user.php'); 模具();
session_start();
需要一次'Phpmailer/phpmailerautoad.php';
如果(isset($\u会话['id'])){
标题('Location:user.php');
模具();
}
否则{
如果($_POST['submit'])){
$username=strip_标签($_POST['username']);
$uemail=strip_标签($_POST['email']);
$db=mysqli_connect(“本地主机”、“用户名”、“密码”、“thedb”)或die(“连接失败”);
$sql=“从用户名='$username'限制1'的成员中选择id、用户名、密码”;
$query=mysqli\u查询($db,$sql);
如果($query){
$row=mysqli\u fetch\u行($query);
$dbUserName=$row[1];
$dbUserId=$row[0];
$dbEmail=$row[4];
}
如果($username==$dbUserName&$uemail==$dbEmail){
$\会话['username']=$username;
$\会话['id']=$id;
$token=兰特(10);
$db->query(“更新成员集令牌='$token'其中id='id'”);
$url=”https://www.example.net/resetpass?token=$token”;
$mail=new PHPMailer(true);//正在传递
`true`启用异常
试一试{
//服务器设置
$mail->isSMTP();//设置要使用的邮件程序
SMTP
$mail->Host='example.net';//指定main和
备份SMTP服务器
$mail->SMTPAuth=true;//启用SMTP
认证
$mail->Username=members@example.net“;//SMTP用户名
$mail->Password='Password';//SMTP密码
$mail->SMTPSecure='ssl';//启用TLS
也接受“ssl”加密
$mail->Port=465;//要连接的TCP端口
到
//接受者
$mail->setFrom('members@example.net","例",;
$mail->addAddress(“$uemail”);//添加收件人
//内容
$mail->isHTML(true);//将电子邮件格式设置为HTML
$mail->Subject='Reset Password Request';
$mail->Body='我们收到一个请求,要求重新设置用户$username的密码,请单击以下链接重置密码$url';
//$mail->AltBody='这是非HTML邮件客户端的纯文本正文';
$mail->send();
$suc='消息已发送';
}捕获(例外$e){
$err='无法发送消息';
}
$reset\u passwordsuc=“发送到用户电子邮件的说明。”;
}
否则{
$reset\u password=“用户名或电子邮件不正确”;
}
}
}
?>
最后,我得到的用户名或电子邮件不正确。请帮助您必须更改验证用户名和电子邮件的方式。请使用以下修改 更改:
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";
if($username == $dbUserName && $uemail == $dbEmail) {
if(mysqli_num_rows($query) == 1) {
$_SESSION['id'] = $id;
$_SESSION['id'] = $dbUserId;
$db->query("UPDATE members SET token='$token' WHERE id='id'");
mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";
if($username == $dbUserName && $uemail == $dbEmail) {
if(mysqli_num_rows($query) == 1) {
$_SESSION['id'] = $id;
$_SESSION['id'] = $dbUserId;
$db->query("UPDATE members SET token='$token' WHERE id='id'");
mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";
if($username == $dbUserName && $uemail == $dbEmail) {
if(mysqli_num_rows($query) == 1) {
$_SESSION['id'] = $id;
$_SESSION['id'] = $dbUserId;
$db->query("UPDATE members SET token='$token' WHERE id='id'");
mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";
if($username == $dbUserName && $uemail == $dbEmail) {
if(mysqli_num_rows($query) == 1) {
$_SESSION['id'] = $id;
$_SESSION['id'] = $dbUserId;
$db->query("UPDATE members SET token='$token' WHERE id='id'");
mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";
if($username == $dbUserName && $uemail == $dbEmail) {
if(mysqli_num_rows($query) == 1) {
$_SESSION['id'] = $id;
$_SESSION['id'] = $dbUserId;
$db->query("UPDATE members SET token='$token' WHERE id='id'");
mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";
if($username == $dbUserName && $uemail == $dbEmail) {
if(mysqli_num_rows($query) == 1) {
$_SESSION['id'] = $id;
$_SESSION['id'] = $dbUserId;
$db->query("UPDATE members SET token='$token' WHERE id='id'");
mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";
if($username == $dbUserName && $uemail == $dbEmail) {
if(mysqli_num_rows($query) == 1) {
$_SESSION['id'] = $id;
$_SESSION['id'] = $dbUserId;
$db->query("UPDATE members SET token='$token' WHERE id='id'");
mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";
if($username == $dbUserName && $uemail == $dbEmail) {
if(mysqli_num_rows($query) == 1) {
$_SESSION['id'] = $id;
$_SESSION['id'] = $dbUserId;
$db->query("UPDATE members SET token='$token' WHERE id='id'");
mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");
PS:您可能想使用预先准备好的语句来防止sql注入攻击。您还应该对所有用户密码进行哈希运算,这些密码永远不应该以纯文本形式存储。谢谢您,这对我帮助很大:D