2

我有一个允许管理员重置密码的小型应用程序。我目前拥有它,以便管理员输入他们的电子邮件地址并生成一个随机密钥并将其通过电子邮件发送给他们。随机密钥也为用户存储在数据库中。该电子邮件还包含一个表单链接,用户可以在该表单中输入用户名和发送给他们的代码来重置密码。

以下是重置密码表格:

<h1>Reset Your Password</h1>

<form id="reset" name="reset" method="post" action="reset-admin-password-exec.php">
<table width="365" height="147" border="0" cellpadding="0" cellspacing="5">
  <tr>
    <td width="144">Username: </td>
    <td><input name="username" type="text" class="textfield" id="username" /></td>
  </tr>
  <tr>
    <td>Code: </td>
    <td><input name="code" type="text" class="textfield" id="code" /></td>
  </tr>
  <tr>
    <td>New Password: </td>
    <td><input name="password" type="password" class="textfield" id="code" /></td>
  </tr>
  <tr>
    <td>Confirm Password: </td>
    <td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
  </tr>
  <tr>
    <td><input type="submit" name="Submit" value="Reset" /></td>    
  </tr>
</table>
</form>

这是处理代码的 reset-admin-password-exec.php 文件:

<?
    //Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;


    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //check for validation errors
    if (isset ($_POST['username']) && !empty ($_POST['username'])) {
    $username = clean($_POST['username']);
    } else {
        $errmsg_arr[] = 'username do not match';
        $errflag = true;
    }

    if (isset ($_POST['code']) && !empty ($_POST['code'])) {
    $code = clean($_POST['code']);
    } else {
        $errmsg_arr[] = 'code do not match';
        $errflag = true;
    }

    if (isset ($_POST['password']) && !empty ($_POST['password'])) {
    $password = clean($_POST['password']);
    } else {
        $errmsg_arr[] = 'first do not match';
        $errflag = true;
    }

    if (isset ($_POST['cpassword']) && !empty ($_POST['cpassword'])) {
    $cpassword = clean($_POST['cpassword']);
    } else {
        $errmsg_arr[] = 'second do not match';
        $errflag = true;
    }

    //Check that both password match
    if( strcmp($password, $cpassword) != 0 ) {
        $errmsg_arr[] = 'Passwords do not match';
        $errflag = true;    
    }


    //encrypt the password
    $salt1 = md5($username);
    $salt2 = md5(DB_PASSWORD);
    $password = sha1($salt1.$password.$salt2);


    //if there are input validations redirect back to main page
    if($errflag) {
        $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
        session_write_close();
        header("location: reset-admin-password-form.php");
        exit();
    }

    $qry = "        UPDATE  admins
                    SET password    =   '$password'
                    WHERE   randkey     =   '$code'
                                    AND     username        =       '$username'";

    $result = mysql_query($qry);

    if($result) {
        echo $result;
        //header("location: reset-admin-password-success.php");
        exit();
    }else {
        die(mysql_error());

    }

?>

我的所有验证都有效,如果任何字段为空或密码不匹配,它将重定向。但是,如果该字段与我表中的code字段不匹配,查询仍然有效。randkey我已经尝试将randkeys作为字段放置以确保它失败,它确实如此。

当我回显时,$qry我得到了这个:UPDATE admins SET password = 'b978ac7c458d65ca31c02eb4e7dabd9aa6a8e235' WHERE randkey = 'CHLVQ6vfq' AND username = 'user.name'

谁能帮我解决这个问题?

4

1 回答 1

0

您确定查询确实有效吗?它可能没有输出任何错误,但这并不意味着它实际上正在更新任何行。

利用mysql_affected_rows; 此函数将告诉您是否实际更新了任何行(即WHERE子句是否匹配)

您应该将代码的最后一部分更改为:

$rows = mysql_affected_rows();
if( $rows == 1 ) {
    header("location: reset-admin-password-success.php");
    exit();
}
else {
    if( $rows == 0 ) {
        $_SESSION['ERRMSG_ARR'] = array('Your username and code do not match');
    } else {
        $_SESSION['ERRMSG_ARR'] = array('Unknown error');
    }
    session_write_close();
    header("location: reset-admin-password-form.php");
    exit();
}
于 2012-06-29T03:16:11.470 回答