0

当点击提交按钮时,这是 2 个表单和 2 个操作。第一个表格询问帐户名称并检查验证码是否正常。当两者都很好时,它会将用户转到下一个表单,询问他 2 个问题,以便他可以检索他的密码。代码执行良好,但我遇到了问题。当一切正常时:帐户存在,验证码很好,两个问题都正常,当用户在第二个表单上点击提交按钮时,第一个动作的 else 语句再次执行,但表单连续正常,他收到了他的密码电子邮件。任何帮助都会得到帮助:)

if ('POST' === $_SERVER['REQUEST_METHOD']){
if($_POST['lostpassword']=='account' AND ($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"]) {

connectdb($CONFIG['dbdbname'], $CONFIG['dbaddress'], $CONFIG['dbuser'], $CONFIG['dbpass']);

$postusername = $_POST['account'];
$postusername = antiinjection($postusername);

$result = mssql_query (sprintf(SELECT_USER_FULLINFO, $postusername));
$rows=mssql_num_rows($result);

if($rows>0) {
    $rows=mssql_fetch_assoc($result); 
    extract($rows);
    $error = 2;
} else {
    echo "Account doesn't exist.<br>";
    $error = 1;
}       
}
else { 
       echo '<script language="JavaScript">
             alert("Wrong Verification code. Please try again.");
             </script>';
     }
}

表格:

<form name='lostpassword' action='index.php?page=lostpassword' method='post'     onsubmit='return checkform1()' autocomplete='off'>
    <table CELLSPACING=0 BORDER=0 CELLPADDING=0 align=CENTER>
        <tr>
            <td width=200>
                Account
            </td>
            <td>
                <div align=right>
                    <input type=text maxlength=14 name=account>
                </div>
            </td>
        </tr>
        <tr>
            <td valign=middle>
                Verification Image  <img src=\"captcha.php\">
            </td>
            <td>
                <div align=right>
                    <input type=text maxlength=4 name=captcha>
                </div>
            </td>
        </tr>

    </table>
    <div align=center>
        <BR>
        <input type=hidden name=lostpassword value='account'>
        <input type=submit name=Login value='   Submit   '>
    </div>
</form>

下一步行动:

if($_POST['lostpassword']=='email' ) {

$error = 3;
$postusername = $_POST['account'];
$postanswer1 = $_POST['answer1'];
$postanswer2 = $_POST['answer2'];
$postusername = antiinjection($postusername);
$postanswer1 = antiinjection($postanswer1);
$postanswer2 = antiinjection($postanswer2);

connectdb($CONFIG['dbdbname'], $CONFIG['dbaddress'], $CONFIG['dbuser'], $CONFIG['dbpass']);

$result = mssql_query (sprintf(SELECT_USER_FULLINFO, $postusername));
$rows=mssql_num_rows($result);

if($rows>0) {
    $rows=mssql_fetch_assoc($result); 
    extract($rows);

    $postanswer1 = encrypt($postanswer1);
    $postanswer2 = encrypt($postanswer2);
    $answer1 = '0x' . substr(bin2hex($answer1), 0, 32);
    $answer2 = '0x' . substr(bin2hex($answer2), 0, 32);

    if($answer1!=$postanswer1) {
        echo "Answer to security question #1 is incorrect.<br>";
        $error = 2;
    }
    if($answer2!=$postanswer2) {
        echo "Answer to security question #2 is incorrect.<br>";
        $error = 2;
    }
} else {
    echo "Account doesn't exist.<br>";
    $error = 1;
}

}

此操作的表格:

<form name='lostpassword' action='index.php?page=lostpassword' method='post'      onsubmit='return checkform2()' autocomplete='off'>
<table CELLSPACING=0 BORDER=0 CELLPADDING=0 align=CENTER>
<tr>
    <td  width=200>
        Security Question #1
    </td>
    <td>
        <div align=right>
            {$quiz1}
        </div>
    </td>
</tr>
<tr>
    <td>
        Security Answer #1
    </td>
    <td>
        <div align=right>
            <input type=text maxlength=32 name=answer1>
        </div>
    </td>
</tr>
<tr>
    <td>
        Security Question #2
    </td>
    <td>
        <div align=right>
            {$quiz2}
        </div>
    </td>
</tr>
<tr>
    <td>
        Security Answer #2
    </td>
    <td>
        <div align=right>
            <input type=text maxlength=32 name=answer2>
        </div>
    </td>
</tr>
</table>
<div align=center>
    <BR>
    <input type=hidden name=lostpassword value='email'>
    <input type=hidden name=account value='{$postusername}'>
    <input type=submit name=Login value='   Submit   '>
</div>
</form>

电子邮件代码:

if($error==3) {

$newpassword = mt_rand(1000000,9999999);
$newpassword = md5($newpassword);
$newpassword = substr($newpassword, 0, 15);
$encnewpassword = encrypt($newpassword);
echo '<br>';

mssql_query(sprintf(UPDATE_PASSWORD, $encnewpassword, $account));

if($CONFIG['email']==0) {
    echo "<strong>Your password has been reseted to...</strong><br>{$newpassword}<br><br>";
} elseif($CONFIG['email']==1) {
    sendemail($CONFIG['emailsmtp'], $CONFIG['emailuser'], $CONFIG['emailpass'], $CONFIG['emailaddress'], $CONFIG['servername'], "Lost Password", $email, $account, $newpassword, $ssn, "<strong>Your password has been reseted and sent to your email.</strong>");
}

}
4

2 回答 2

0

当然执行第一个条件的 else 语句,因为 else 语句验证 first if 的否定:

if ('POST' === $_SERVER['REQUEST_METHOD']){

}
else {

}

而当用户提交第二个表单时,显然进入了第一个条件。

您可以通过例如向提交输入按钮添加另一个名称值来解决此问题,例如:

<input type='submit' name='LoginAct1' value='Submit' />
<input type='submit' name='LoginAct2' value='Submit' />

然后您将验证发送了哪些表单数据。

if ('POST' === $_SERVER['REQUEST_METHOD'] && isset($_POST['LoginAct1']) ){
     //blah blah
}

if ('POST' === $_SERVER['REQUEST_METHOD'] && isset($_POST['LoginAct2']) ){
     //blah blah
}
于 2013-10-28T13:54:26.430 回答
0

You need to write the first action's "if condition" as follows:

if ('POST' === $_SERVER['REQUEST_METHOD'] && $_POST['lostpassword']=='account'){
    //rest of the code
}

Then your code will be working fine.

于 2013-10-28T14:11:27.863 回答