所以我正在处理这个密码重置表单。用户单击发送到其电子邮件的链接,然后他们被带到网页以输入新密码。当他们提交表单时,3 个变量(密码、密钥和电子邮件)被传递到我的函数文件以更新用户的密码。密码本身已发布,但电子邮件和密钥未发布。我做了一个 vardump 来查看实际发送的内容,它只是在表单上的 email/key 值中显示代码。我不确定我做错了什么。
编辑 所以我发现电子邮件/密钥没有被传递给 updateUserPassword() 函数。我在下面发布了新的正确表单代码。解决了
<?php session_start();
include("include/DB_Connect.php");
include("include/DB_Functions.php"); // Connect to database server(localhost) with username and password.
mysql_select_db("android_api") or die(mysql_error()); // Select registration database.
$show = 'emailForm'; //which form step to show by default
if (isset($_POST['subStep']) && !isset($_GET['a']))
{
switch($_POST['subStep'])
{
case 1:
//we are submitting a new password (only for encrypted)
if ($_POST['email'] == '' || $_POST['key'] == '') header("location: forgotpw.php");
if (strcmp($_POST['password'],$_POST['pw1']) != 0 || trim($_POST['password']) == '')
{
$error = true;
$show = 'recoverForm';
} else {
$error = false;
$show = 'recoverSuccess';
updateUserPassword($_POST['email'],$_POST['password'],$_POST['key']);
var_dump($_POST['email'],$_POST['password'],$_POST['key']);
}
break;
}
} elseif (isset($_GET['a']) && $_GET['a'] == 'recover' && $_GET['email'] != "") {
$show = 'invalidKey';
$result = checkEmailKey(urldecode(base64_decode($_GET['email'])),$_GET['key']);
if ($result == false)
{
$error = true;
$show = 'invalidKey';
} elseif ($result['status'] == true) {
$error = false;
$show = 'recoverForm';
$securityUser = $result['email'];
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Password Recovery</title>
<link href="assets/css/styles.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="header"></div>
<div id="page">
<?php switch($show) {
case 'recoverForm': ?>
<h2>Password Recovery</h2>
<p>Welcome back, <?php echo getUserName($securityUser=='' ? $_GET['email'] : $securityUser); ?>.</p>
<p>In the fields below, enter your new password.</p>
<?php if ($error == true) { ?><span class="error">The new passwords must match and must not be empty.</span><?php } ?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div class="fieldGroup"><label for="password">New Password</label><div class="field"><input type="password" class="input" name="password" id="password" value="" maxlength="20"></div></div>
<div class="fieldGroup"><label for="pw1">Confirm Password</label><div class="field"><input type="password" class="input" name="pw1" id="pw1" value="" maxlength="20"></div></div>
<input type="hidden" name="subStep" value="1" />
<input type="hidden" name="email" value="<?php echo $securityUser=='' ? $_POST['email'] : $securityUser; ?>" />
<input type="hidden" name="key" value="<?php echo $_GET['key']=='' ? $_POST['key'] : $_GET['key']; ?>" />
<div class="fieldGroup"><input type="submit" value="Submit" style="margin-left: 150px;" /></div>
<div class="clear"></div>
</form>
<?php break; case 'invalidKey': ?>
<h2>Invalid Key</h2>
<p>The key that you entered was invalid. Either you did not copy the entire key from the email, you are trying to use the key after it has expired (3 days after request), or you have already used the key in which case it is deactivated.<br /><br /><a href="login.php">Return</a> to the login page. </p>
<?php break; case 'recoverSuccess': ?>
<h2>Password Reset</h2>
<p>Congratulations! your password has been reset successfully.</p><br /><br /><a href="login.php">Return</a> to the login page. </p>
<?php break; }
ob_flush();
$mySQL->close();
?>
</div>
</body>
</html>
这是我的功能代码:
function updateUserPassword($email,$password,$key)
{
global $mySQL;
if (checkEmailKey($email,$key) === false) return false;
if ($SQL = $mySQL->prepare("UPDATE `users` SET `encrypted_password` = ? WHERE `email` = ?"))
{
$password = md5(trim($password) . PW_SALT);
$SQL->bind_param('ss',$email,$password);
$SQL->execute();
$SQL->close();
$SQL = $mySQL->prepare("DELETE FROM `recoveryemails_enc` WHERE `Key` = ?");
$SQL->bind_param('s',$key);
$SQL->execute();
}
}