我的php&mysqli脚本即使数据库中有一行,也返回零行

问题描述 投票:0回答:1

我是PHP和MySQL的新手,所以我正在使用本教程视频在登录系统上为他们之前的教程设置忘记的密码系统(https://www.youtube.com/watch?v=wUkKCMEYj9M,我正在研究的部分的时间戳为1:05 :46)。一切正常,直到我到达必须创建新密码的位置,并且每当我提交新密码时,它都会收到一条错误消息,本质上说数据库中没有行,或者至少我认为这就是错误是。 (错误消息:您需要重新提交您的请求(1))在下​​面,我给出了我的代码(数据库连接器的文件准确地命名为dbc.inc.php,我在最初命名时将其弄乱了,所以我只申请(与我的脚本的名称不同)。如果您看到它的名字,我将非常感谢。谢谢!

<?php

if(isset($_POST["reset-password-submit"])) {

    $selector = $_POST["selector"];
    $validator = $_POST["validator"];
    $password = $_POST["pwd"];
    $passwordRepeat = $_POST["pwd-repeat"];

    if(empty($password) || empty($passwordRepeat)) {
        header("Location: ../create-new-password.php?newpwd=empty&selector=". $selector . "&validator=" . $validator);
        exit();
    } 
    else if ($password != $passwordRepeat){
        header("Location: ../create-new-password.php?newpwd=pwdnotsame&selector=". $selector . "&validator=" . $validator);
        exit();
    }

    $currentDate = date("U");

    require 'dbc.inc.php';

    $sql = "SELECT * FROM pwdReset WHERE pwdResetSelector=? AND pwdResetExpires >= ?";
    $stmt = mysqli_stmt_init($conn);
    if(!mysqli_stmt_prepare($stmt, $sql)) {
        echo "There was an error. (1)";
        exit();
    } 
    else {
        mysqli_stmt_bind_param($stmt, "ss", $selector, $currentDate);
        mysqli_stmt_execute($stmt);

        $result = mysqli_stmt_get_result($stmt);
        if(!$row = mysqli_fetch_assoc($result)) {
            echo "You need to re-submit your reset request. (1)";
            exit();
        } 
        else 
        {
            $tokenBin = hex2bin($validator);
            $tokenCheck = password_verify($tokenBin, $row["pwdResetToken"]);

            if($tokenCheck == false) 
            {
                echo "You need to re-submit your reset request. (2)";
                exit();
            } 
            else if ($tokenCheck == true) 
            {
                $tokenEmail = $row['pwdResetEmail'];

                $sql = "SELECT * FROM users WHERE emailUsers=?;";
                $stmt = mysqli_stmt_init($conn);
                if(!mysqli_stmt_prepare($stmt, $sql)) {
                    echo "There was an error. (2)";
                    exit();
                } 
                else {
                    mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
                    mysqli_stmt_execute($stmt);

                    $result = mysqli_stmt_get_result($stmt);
                    if(!$row = mysqli_fetch_assoc($result)) {
                        echo "There was an error. (3)";
                        exit();
                    } 
                    else 
                    {
                        $sql = "UPDATE users SET pwdUsers=? WHERE emailUsers=?";
                        $stmt = mysqli_stmt_init($conn);
                        if(!mysqli_stmt_prepare($stmt, $sql)) {
                            echo "There was an error. (4)";
                            exit();
                        } 
                        else {
                            $newPwdHash = password_hash($password, PASSWORD_DEFAULT);
                            mysqli_stmt_bind_param($stmt, "ss", $newPwdHash, $tokenEmail);
                            mysqli_stmt_execute($stmt); 

                            $sql = "DELETE FROM pwdReset WHERE pwdResetEmails=?";
                            $stmt = mysqli_stmt_init($conn);
                            if(!mysqli_stmt_prepare($stmt, $sql)) {
                                echo "There was an error. (5)";
                                exit();
                            } 
                            else {
                                mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
                                mysqli_stmt_execute($stmt); 
                                header("Location: ../signup.php?newpwd=passwordupdated");
                            }
                        }
                    }
                }
            }
        }
    }
}
else {
    header("Location: ../index.php");
}
php mysql database
1个回答
0
投票

我弄清楚出了什么问题。在页面中,用户将在其上输入新密码,同时还存储选择器和令牌,这两者我都拼错了值。上面的脚本可以正常工作,并且只需稍微调整一下底部即可。

新的哈希部分应为:

$newPwdHash = password_hash($password, PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt, "ss", $newPwdHash, $tokenEmail);
mysqli_stmt_execute($stmt); 

$sql = "DELETE FROM pwdReset WHERE pwdResetEmail=?";
$stmt = mysqli_stmt_init($conn);
if (!mysqli_stmt_prepare($stmt, $sql)) {
     echo "There was an error 5";
     exit();
} else {
      mysqli_stmt_bind_param($stmt, "s", $tokenEmail);
      mysqli_stmt_execute($stmt);
      header("Location: ../signup.php?newpwd=passwordupdated");
}

不是上面的原始内容。

© www.soinside.com 2019 - 2024. All rights reserved.