Fatal编程技术网
  • php/
  • Php 将潜在客户提交到空白页时忘记密码

Php 将潜在客户提交到空白页时忘记密码

php

Php 将潜在客户提交到空白页时忘记密码,php,forgot-password,Php,Forgot Password,我的忘记密码页面有问题。当我输入电子邮件地址并单击“提交”时,我将进入一个空白页面,并且不会发送带有我密码的电子邮件。感谢您的帮助。谢谢 <?php include 'db.php'; if(isset($_POST['submit'])) { $email_address=$_POST['email_address']; $q=mysql_query("select * from login where email_address='".$email_address."

我的忘记密码页面有问题。当我输入电子邮件地址并单击“提交”时,我将进入一个空白页面,并且不会发送带有我密码的电子邮件。感谢您的帮助。谢谢

<?php
include 'db.php';
if(isset($_POST['submit']))
{ 
    $email_address=$_POST['email_address'];
    $q=mysql_query("select * from login where email_address='".$email_address."' ") or die(mysql_error());
    $p=mysql_affected_rows();
    if($p!=0) 
    {
        $res=mysql_fetch_array($q);
        $to=$res['email_address'];
        $subject='YNAGS Password Recovery';
        $message='Your password : '.$res['password']; 
        $headers='From:password_reset@ynags.com';
        $m=mail($to,$subject,$message,$headers);
        if($m)
        {
            echo'Check your inbox in mail';
        }
        else
        {
            echo'mail is not send';
        }
    }
    else
    {
        echo'You entered mail id is not present';
    }
}
?>
主要是这个语句的登录部分

  • 我们应该知道db.php中的代码(显然没有敏感数据)
  • 试着这样做:
    • db.php

    <?php
define("HOST", "your host");
define("USER", "db user name");
define("NAME", "db name");
define("PASSWORD", "password");
?>

forgot.php

<?php 
include("db.php");
if(isset($_POST['email_address'])){
    $email_address = $_POST['email_address'];
    $con = mysqli_connect(HOST, USER, PASSWORD, NAME);
    $sql = "SELECT * FROM login WHERE email_address = '".$email_address."'";
    if(mysqli_affected_rows(mysqli_query($con, $sql)) != 0){
        $res = array();
        $res = mysqli_fetch_array(mysqli_query($con, $sql));
        $to = $res['email_address'];
        // and so on ...
    }else{
        echo "Email not found";
    }
}else{
    echo "Form not submitted";
}
?>

    
忘记。php
    空白页表示语法错误,您没有检查语法错误。另外,很明显,您使用的是不安全的密码存储方法。发送这样的密码告诉我你运行的网站不安全。您应该使用重置方法。关于您的问题:
    我不太确定这是什么
    -这是一个安全漏洞(SQL注入),您应该在为时已晚之前将代码更改为使用参数绑定谢谢我将研究如何更改存储密码。现在我使用md5散列存储它们。我想我无论如何都不能再抓住他们了?在将密码输入数据库之前,是否有更好的方法对其进行加密?对于密码存储,请使用或PHP5.5的函数。对于PHP<5.5,请使用。谢谢。我将首先实现这一点,然后继续使用我忘记的密码 
    <?php
define("HOST", "your host");
define("USER", "db user name");
define("NAME", "db name");
define("PASSWORD", "password");
?>

forgot.php

<?php 
include("db.php");
if(isset($_POST['email_address'])){
    $email_address = $_POST['email_address'];
    $con = mysqli_connect(HOST, USER, PASSWORD, NAME);
    $sql = "SELECT * FROM login WHERE email_address = '".$email_address."'";
    if(mysqli_affected_rows(mysqli_query($con, $sql)) != 0){
        $res = array();
        $res = mysqli_fetch_array(mysqli_query($con, $sql));
        $to = $res['email_address'];
        // and so on ...
    }else{
        echo "Email not found";
    }
}else{
    echo "Form not submitted";
}
?>