当点击提交按钮时,这是 2 个表单和 2 个操作。第一个表格询问帐户名称并检查验证码是否正常。当两者都很好时,它会将用户转到下一个表单,询问他 2 个问题,以便他可以检索他的密码。代码执行良好,但我遇到了问题。当一切正常时:帐户存在,验证码很好,两个问题都正常,当用户在第二个表单上点击提交按钮时,第一个动作的 else 语句再次执行,但表单连续正常,他收到了他的密码电子邮件。任何帮助都会得到帮助:)
if ('POST' === $_SERVER['REQUEST_METHOD']){
if($_POST['lostpassword']=='account' AND ($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"]) {
connectdb($CONFIG['dbdbname'], $CONFIG['dbaddress'], $CONFIG['dbuser'], $CONFIG['dbpass']);
$postusername = $_POST['account'];
$postusername = antiinjection($postusername);
$result = mssql_query (sprintf(SELECT_USER_FULLINFO, $postusername));
$rows=mssql_num_rows($result);
if($rows>0) {
$rows=mssql_fetch_assoc($result);
extract($rows);
$error = 2;
} else {
echo "Account doesn't exist.<br>";
$error = 1;
}
}
else {
echo '<script language="JavaScript">
alert("Wrong Verification code. Please try again.");
</script>';
}
}
表格:
<form name='lostpassword' action='index.php?page=lostpassword' method='post' onsubmit='return checkform1()' autocomplete='off'>
<table CELLSPACING=0 BORDER=0 CELLPADDING=0 align=CENTER>
<tr>
<td width=200>
Account
</td>
<td>
<div align=right>
<input type=text maxlength=14 name=account>
</div>
</td>
</tr>
<tr>
<td valign=middle>
Verification Image <img src=\"captcha.php\">
</td>
<td>
<div align=right>
<input type=text maxlength=4 name=captcha>
</div>
</td>
</tr>
</table>
<div align=center>
<BR>
<input type=hidden name=lostpassword value='account'>
<input type=submit name=Login value=' Submit '>
</div>
</form>
下一步行动:
if($_POST['lostpassword']=='email' ) {
$error = 3;
$postusername = $_POST['account'];
$postanswer1 = $_POST['answer1'];
$postanswer2 = $_POST['answer2'];
$postusername = antiinjection($postusername);
$postanswer1 = antiinjection($postanswer1);
$postanswer2 = antiinjection($postanswer2);
connectdb($CONFIG['dbdbname'], $CONFIG['dbaddress'], $CONFIG['dbuser'], $CONFIG['dbpass']);
$result = mssql_query (sprintf(SELECT_USER_FULLINFO, $postusername));
$rows=mssql_num_rows($result);
if($rows>0) {
$rows=mssql_fetch_assoc($result);
extract($rows);
$postanswer1 = encrypt($postanswer1);
$postanswer2 = encrypt($postanswer2);
$answer1 = '0x' . substr(bin2hex($answer1), 0, 32);
$answer2 = '0x' . substr(bin2hex($answer2), 0, 32);
if($answer1!=$postanswer1) {
echo "Answer to security question #1 is incorrect.<br>";
$error = 2;
}
if($answer2!=$postanswer2) {
echo "Answer to security question #2 is incorrect.<br>";
$error = 2;
}
} else {
echo "Account doesn't exist.<br>";
$error = 1;
}
}
此操作的表格:
<form name='lostpassword' action='index.php?page=lostpassword' method='post' onsubmit='return checkform2()' autocomplete='off'>
<table CELLSPACING=0 BORDER=0 CELLPADDING=0 align=CENTER>
<tr>
<td width=200>
Security Question #1
</td>
<td>
<div align=right>
{$quiz1}
</div>
</td>
</tr>
<tr>
<td>
Security Answer #1
</td>
<td>
<div align=right>
<input type=text maxlength=32 name=answer1>
</div>
</td>
</tr>
<tr>
<td>
Security Question #2
</td>
<td>
<div align=right>
{$quiz2}
</div>
</td>
</tr>
<tr>
<td>
Security Answer #2
</td>
<td>
<div align=right>
<input type=text maxlength=32 name=answer2>
</div>
</td>
</tr>
</table>
<div align=center>
<BR>
<input type=hidden name=lostpassword value='email'>
<input type=hidden name=account value='{$postusername}'>
<input type=submit name=Login value=' Submit '>
</div>
</form>
电子邮件代码:
if($error==3) {
$newpassword = mt_rand(1000000,9999999);
$newpassword = md5($newpassword);
$newpassword = substr($newpassword, 0, 15);
$encnewpassword = encrypt($newpassword);
echo '<br>';
mssql_query(sprintf(UPDATE_PASSWORD, $encnewpassword, $account));
if($CONFIG['email']==0) {
echo "<strong>Your password has been reseted to...</strong><br>{$newpassword}<br><br>";
} elseif($CONFIG['email']==1) {
sendemail($CONFIG['emailsmtp'], $CONFIG['emailuser'], $CONFIG['emailpass'], $CONFIG['emailaddress'], $CONFIG['servername'], "Lost Password", $email, $account, $newpassword, $ssn, "<strong>Your password has been reseted and sent to your email.</strong>");
}
}