基本上,如果用户访问该页面,他们会得到一个输入用户名的表单。然后检查数据库,然后将生成的密钥添加到数据库中的行,并将密钥链接通过电子邮件发送给他们。该链接将他们带回到同一页面,但以不同的形式要求更新他们的密码。
这就是我的问题所在。该脚本首先检查该密钥是否存在。即使它确实存在,我也会不断收到 uh oh key does not exist 错误。读了几遍,休息了一下,还是看不懂。希望这里有人能抓住这个问题!
问题片段:
<?php
if ($_GET['do'] == "password") {
$forgetKeyEmail = mysql_real_escape_string($_GET['key']);
if ($forgetKeyEmail !== "") {
$keyQuery = mysql_query("SELECT * FROM users WHERE forgetKey = '$forgetKeyEmail' LIMIT 1");
$keyCheck - mysql_num_rows($keyQuery);
if ($keyCheck == 1) {
?>
form goes here to update password
<?php
if ($_GET['do'] == "update") {
$hasher = new PasswordHash(10, false);
$resetPasswdord = $hasher->HashPassword(mysql_real_escape_string($_POST['inputPassword']));
$resetPassword = $_POST['inputPassword'];
if ($_POST['inputPassword'] !== "") {
mysql_query("UPDATE users SET password = '$resetPassword' WHERE forgetKey = '$forgetKeyEmail'");
echo "g";
?>
success message
<?php
}
else {
?>
empty field message
<?php
}
}
}
else{
?>
incorrect key message (what I keep getting)
<?php
}
}
}
完整代码:
<?php
if ($_GET['do'] == "password") {
$forgetKeyEmail = mysql_real_escape_string($_GET['key']);
if ($forgetKeyEmail !== "") {
$keyQuery = mysql_query("SELECT * FROM users WHERE forgetKey = '$forgetKeyEmail' LIMIT 1");
$keyCheck - mysql_num_rows($keyQuery);
if ($keyCheck == 1) {
?>
<form method="POST"class="form-horizontal" action="?do=update&key=<?php echo $forgetKeyEmail; ?>" >
<div class="control-group">
<label class="control-label" for="inputPassword">New Password</label>
<div class="controls">
<input type="text" id="inputPassword" name="inputPassword" placeholder="Password">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">Reset!</button>
</div>
</div>
</form>
<?php
if ($_GET['do'] == "update") {
$hasher = new PasswordHash(10, false);
$resetPasswdord = $hasher->HashPassword(mysql_real_escape_string($_POST['inputPassword']));
$resetPassword = $_POST['inputPassword'];
if ($_POST['inputPassword'] !== "") {
mysql_query("UPDATE users SET password = '$resetPassword' WHERE forgetKey = '$forgetKeyEmail'");
echo "g";
?>
<div class="alert alert-success" style="margin:0;">
<strong>Woooo!</strong> Your password has been changed, you can now <a href="login.php">login.</a>
</div>
<?php
}
else {
?>
<div class="alert alert-error" style="margin:0;">
<strong>Woops!</strong> You need to fill out a password!
</div>
<?php
}
}
}
else{
?>
<div class="alert alert-error" style="margin:0;">
<strong>Uh oh!</strong> That key is incorrect.
</div>
<?php
}
}
}
elseif ($_GET['do'] == "reset") {
$resetUsername = mysql_real_escape_string($_POST['inputUser']);
if ($resetUsername !== "") {
$checkQuery = mysql_query("SELECT * FROM users WHERE username = '$resetUsername' LIMIT 1");
$checkExist = mysql_num_rows($checkQuery);
$userData = mysql_fetch_array($checkQuery);
$mailEmail = $userData['email'];
if ($checkExist == 1) {
$forgetKey = genRandomString() . genRandomString();
mysql_query("UPDATE users SET forgetKey = '$forgetKey' WHERE username = '$resetUsername'");
$message = "Hey there, ".$resetUsername." - We've received a request to reset your password. <br /><br /> Please click the following link to do so: <a href=\"http://localhost/vanilla/forgot.php?do=reset&key=".$forgetKey."\"";
echo $forgetKey;
mail($mailEmail, 'realvanil.la Password Reset', $message);
?>
<div class="alert alert-info" style="margin:0;">
An email has been sent to <strong><?php echo $userData['email']; ?></strong> with your reset information!
</div>
<?php
}
else {
?>
<div class="alert alert-error">
<strong>Uh oh!</strong> We can't seem to find an account with that username. Remember, it's your Minecraft username!
</div>
<form method="POST"class="form-horizontal" action="?do=reset" >
<div class="control-group">
<label class="control-label" for="inputUser">Username</label>
<div class="controls">
<input type="text" id="inputUser" name="inputUser" placeholder="Username">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">Send Email!</button>
</div>
</div>
</form>
<?php
}
}
else {
?>
<div class="alert alert-error">
<strong>Uh oh!</strong> You need to tell us your username ;)
</div>
<form method="POST"class="form-horizontal" action="?do=reset" >
<div class="control-group">
<label class="control-label" for="inputUser">Username</label>
<div class="controls">
<input type="text" id="inputUser" name="inputUser" placeholder="Username">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">Send Email!</button>
</div>
</div>
</form>
<?php
}
}
else {
?>
<form method="POST"class="form-horizontal" action="?do=reset" >
<div class="control-group">
<label class="control-label" for="inputUser">Username</label>
<div class="controls">
<input type="text" id="inputUser" name="inputUser" placeholder="Username">
</div>
</div>
<div class="control-group">
<div class="controls">
<button type="submit" class="btn btn-primary">Send Email!</button>
</div>
</div>
</form>
<?php
}
?>