0

有人可以帮我,我的密码重置表格有点乱,我对 php 和 mysql 真的很陌生,所以请不要怪我弄错了。但我确实需要一些帮助。

基本上一切正常,它允许用户输入电子邮件,然后向他们发送新密码。(我没有附加发送电子邮件/密码位的代码,因为我不需要帮助。)唯一的问题是它没有检查电子邮件,它没有检查电子邮件是否存在于我的数据库中并且它允许用户输入在他们想要的任何电子邮件中。但是,如果他们键入不在数据库中的电子邮件,我希望它说对不起,不存在该类型的电子邮件或其他东西。我需要知道如何获取它来检查用户键入的电子邮件是否确实存在。

然后要么说电子邮件已发送,要么有问题。 

<?php
    $page_title = "Login";
    include('includes/header.php');
    include ('includes/mod_login/login_form2.php'); 

    if(!isset($_GET['err']) || isset($_GET['err'])=='') {
    $_GET['err'] = '0';
    }       
    ?>

    <?   
    $html_form = "<form name=\"forgotpasswordform\" action=\"sendpassword.php\" method=\"post\">
              <table border=\"0\" cellspacing=\"0\" cellpadding=\"3\" width=\"100%\">
                <tr>
                  <td width=\"15%\">Email Address:</td>
                  <td><input name=\"forgotpassword\" type=\"text\" value=\"\" id=\"forgotpassword\" size=\"30\"/></td>
                </tr>
                <tr>
                <td>&nbsp;</td>
                </tr>
                 <tr>
                  <td colspan=\"2\"><input type=\"submit\" name=\"submit\" value=\"Submit\" class=\"mainoption\" /></td>
                </tr>
              </table>
            </form>";


    if ($_GET['err'] == '1') { //error if message is not filled ?>

            <? echo $html_form; ?>

       <?

    } else if ($_GET['err'] == '2') { // error if email is not found

        ?>
            <h1>&nbsp;</h1>
            <p>
            Email Not Found!
            </p>
            <br />
        <?

    } else if ($_GET['err'] == '3') { // EMAIL SENT :D

         ?>
            <h1>&nbsp;</h1>
            <p>
            Thanks! Your new password has been sent.
            </p>
            <br />
        <?

    } else if ($_GET['err'] == '0') { // otherwise print email form 
       ?>


            <? echo $html_form; ?>    


        <? 
    }

    ?>

然后我们链接到 sendpassword.php:

<?php

/**
 * ShuttleCMS - A basic CMS coded in PHP.
 * Password Reset - Used for allowing a user to reset password
 * 
 * @author Dan <dan@danbriant.com>
 * @version 0.0.1
 * @package ShuttleCMS
 */
define('IN_SCRIPT', true);
// Start a session
session_start();

//Connect to the MySQL Database
include 'includes/_config/connection.php';


/*
 * Checks form field for email  
 */

if ($_POST['forgotpassword']=='') {
        header('Location: http://localhost/ptb1/recover_password.php?err=1');
}
if(get_magic_quotes_gpc()) {
        $forgotpassword = htmlspecialchars(stripslashes($_POST['forgotpassword']));
} 
else {
        $forgotpassword = htmlspecialchars($_POST['forgotpassword']);

}


/*
 * Checks if the email exists
 */

$sql = "SELECT COUNT(*) FROM ptb_users WHERE email = '$forgotpassword'";
$result = mysql_query($sql)or die('Could not find member: ' . mysql_error());

if (!mysql_result($result,0,0)>0) {
    header('Location: http://localhost/ptb1/recover_password.php?err=2');
}
4

1 回答 1

1

你正在寻找这样的东西:

if(mysql_num_rows($result)) {
    // user found
} else {
    // no user found
}

请记住,您的代码对 sql 注入是开放的,您不应该使用mysql_扩展。请改用PDO

于 2013-02-13T21:33:05.790 回答