Php MySQL数据库未更新
请忽略md5不是最安全的,mysql_*功能已经过时等事实-这不会在任何网站上上线 因此,我目前有一个系统,用户可以进入恢复密码页面并输入他们的电子邮件。它会向他们发送一封带有恢复密码链接的电子邮件。此链接如下: 此处&recover\u password=此处的代码 代码是在注册时随机生成的,并被良好地存储在数据库中。然而,我有问题,试图使他们改变它从上面的链接。这是recover_password.php页面:Php MySQL数据库未更新,php,mysql,passwords,Php,Mysql,Passwords,请忽略md5不是最安全的,mysql_*功能已经过时等事实-这不会在任何网站上上线 因此,我目前有一个系统,用户可以进入恢复密码页面并输入他们的电子邮件。它会向他们发送一封带有恢复密码链接的电子邮件。此链接如下: 此处&recover\u password=此处的代码 代码是在注册时随机生成的,并被良好地存储在数据库中。然而,我有问题,试图使他们改变它从上面的链接。这是recover_password.php页面: <?php include 'core/init.php'; $user
<?php
include 'core/init.php';
$username = (isset($_GET['username']));
$password_recovery = (isset($_GET['password_recovery']));
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Your password has been changed. You may now proceed to log in.';
die();
} else {
if (password_recovery_exists($password_recovery) === true && (user_exists($username) === true)) {
if (empty($_POST) === false) {
$required_fields = array('password', 'password_again');
foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'You missed a field!';
break 1;
}
}
if (trim($_POST['password']) !== trim($_POST['password_again'])) {
$errors[] = 'Your new passwords do not match';
} else if (strlen($_POST['password']) < 6) {
$errors[] = 'Your password must be at least 6 characters long.';
}
}
if (empty($_POST) === false && empty($errors) === true) {
password_recovery($username, $_POST['password']);
header('Location: recover_password.php?success');
} else {
echo output_errors($errors);
}
}
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>Liste - Login</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<form action="" method="post">
<label for="password"><b><center>New Password:</label><br >
<input type="password" name="password" size="30"><br />
<label for="password_again"><b><center>Re-enter New Password:</label><br >
<input type="password" name="password_again" size="30"><br />
<input type="submit" value="Change Password"><br /><br />
</form>
</center>
</body>
</html>
<?php
}
?>
谢谢大家 试试这样的方法:
mysql_query("UPDATE `users` SET `password` = '".$password."' WHERE `username` = '".$username."'");
<?php
include 'core/init.php';
function password_recovery($username, $password) {
$username = mysql_real_escape_string(sanitize($username));
$password = md5($password);
mysql_query("UPDATE `users` SET `password` = '" . $password . "' WHERE `username` = '" . $username . "'");
}
$username = (isset($_SESSION['username']) ? $_SESSION['username'] : false);
$password_recovery = (isset($_POST['password_recovery']) ? $_POST['password_recovery'] : false);
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Your password has been changed. You may now proceed to log in.';
die();
} else {
if (password_recovery_exists($password_recovery) === true && (user_exists($username) === true)) {
if (empty($_POST) === false) {
$required_fields = array('password', 'password_again');
foreach ($_POST as $key => $value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'You missed a field!';
break 1;
}
}
if (trim($_POST['password']) !== trim($_POST['password_again'])) {
$errors[] = 'Your new passwords do not match';
} else if (strlen($_POST['password']) < 6) {
$errors[] = 'Your password must be at least 6 characters long.';
}
}
if (empty($_POST) === false && empty($errors) === true) {
password_recovery($username, $_POST['password']);
header('Location: recover_password.php?success');
} else {
echo output_errors($errors);
}
} else {
die("User not found");
}
}
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>Liste - Login</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<form action="" method="post">
<label for="password"><b><center>New Password:</label><br >
<input type="password" name="password" size="30"><br />
<label for="password_again"><b><center>Re-enter New Password:</label><br >
<input type="password" name="password_again" size="30"><br />
<input type="submit" value="Change Password"><br /><br />
</form>
</center>
</body>
</html>
您应该做的最起码的调试作业是检查mysql\u查询调用的返回值和var\u转储所选内容,如函数参数或生成的SQL代码。此外,清理是一项关键任务,但我们不知道如何进行;将始终返回true或false,而不是用户名,与$password相同。请使用PDO或mysqli准备的语句,而不是mysql_*方法。即使用户存在,此代码也始终返回“用户未找到”。$username变量是否取自地址栏?我是PHP新手,不确定$\u GET和$\u POST之间有什么区别。这就引出了我的第二个问题-我正在寻找一种方法来验证$username和$password\u recovery是否在数据库中的同一行中-这样你就需要它们随机生成且不显示在任何地方的$password\u恢复代码来更改密码。不过还是要谢谢你,这很有效!
<?php
include 'core/init.php';
function password_recovery($username, $password) {
$username = mysql_real_escape_string(sanitize($username));
$password = md5($password);
mysql_query("UPDATE `users` SET `password` = '" . $password . "' WHERE `username` = '" . $username . "'");
}
$username = (isset($_SESSION['username']) ? $_SESSION['username'] : false);
$password_recovery = (isset($_POST['password_recovery']) ? $_POST['password_recovery'] : false);
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Your password has been changed. You may now proceed to log in.';
die();
} else {
if (password_recovery_exists($password_recovery) === true && (user_exists($username) === true)) {
if (empty($_POST) === false) {
$required_fields = array('password', 'password_again');
foreach ($_POST as $key => $value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'You missed a field!';
break 1;
}
}
if (trim($_POST['password']) !== trim($_POST['password_again'])) {
$errors[] = 'Your new passwords do not match';
} else if (strlen($_POST['password']) < 6) {
$errors[] = 'Your password must be at least 6 characters long.';
}
}
if (empty($_POST) === false && empty($errors) === true) {
password_recovery($username, $_POST['password']);
header('Location: recover_password.php?success');
} else {
echo output_errors($errors);
}
} else {
die("User not found");
}
}
?>
<html>
<head>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<title>Liste - Login</title>
<link rel="stylesheet" type="text/css" href="css/style.css">
</head>
<body>
<form action="" method="post">
<label for="password"><b><center>New Password:</label><br >
<input type="password" name="password" size="30"><br />
<label for="password_again"><b><center>Re-enter New Password:</label><br >
<input type="password" name="password_again" size="30"><br />
<input type="submit" value="Change Password"><br /><br />
</form>
</center>
</body>
</html>