我正在尝试开发忘记密码系统。一切似乎工作正常,甚至密码更新消息提示在我的登录屏幕页面,但实际上它没有在数据库中更新。我不明白为什么会这样。我也使用phpmailer发送电子邮件。任何帮助都会有很大帮助
重置密码页面:
<?php
if(isset($_POST['reset-submit'])){
$selector=$_POST['selector'];
$validator=$_POST['validator'];
$password=$_POST['password1'];
$passwordRepeat=$_POST['password2'];
if(empty($password) || empty($passwordRepeat)){
echo "empty fields";
}
elseif($password!=$passwordRepeat){
echo "password did not match";
}
$expiryDate=date("U");
require "db.inc.php";
$sql="SELECT * FROM pwdreset WHERE pwdresetSelector=? AND pwdresetExpires >= ?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
echo "Could not validate your request";
}
else{
mysqli_stmt_bind_param($stmt,"ss",$selector,$expiryDate);
mysqli_stmt_execute($stmt);
$result=mysqli_stmt_get_result($stmt);
if(!$row=mysqli_fetch_assoc($result)){
echo "Could not validate your request";
}
else{
$tokenBin=hex2bin($validator);
$tokenCheck=password_verify($tokenBin,$row['pwdresetToken']);
if($tokenCheck===false){
echo "Could not validate your request";
}
elseif($tokenCheck===true){
$tokenEmail=$row['pwdresetEmail'];
$sql="SELECT * FROM users WHERE emailUsers=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
echo "Could not validate your request";
}
else{
mysqli_stmt_bind_param($stmt,"s",$tokenEmail);
mysqli_stmt_execute($stmt);
$result=mysqli_stmt_get_result($stmt);
if(!$row=mysqli_fetch_assoc($result)){
echo "Could not validate your request";
}
else{
$sql="UPDATE users SET pwdUsers=? WHERE emailUsers=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
echo "Could not validate your request";
}
else{
$newpasswordHash=password_hash($password,PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt,"ss",$tokenEmail,$newpasswordHash);
mysqli_stmt_execute($stmt);
$sql="DELETE FROM pwdreset WHERE pwdresetEmail=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
header("Location: ../createnewpassword.php?error=sqlerror");
exit();
}
else{
mysqli_stmt_bind_param($stmt,"s",$tokenEmail);
mysqli_stmt_execute($stmt);
header("Location: ../login.php?resetpassword=success");
exit();
}
}
}
}
}
else{
echo "Could not validate your request";
}
}
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
}
else{
header("Location: ../index.php");
exit();
}
使用如此多的else语句和通用消息很难读取您的代码。在开发时,您希望显示容易出错的错误1.了解导致它们的原因并且2.适当地处理它们。当代码在生产中时,这些消息应该只是通用的(没有mysql错误等)。
我把你的代码放到一个函数中,使其易于处理和阅读。
我假设你的问题归结为这一行:mysqli_stmt_bind_param($stmt,"ss",$newpasswordHash,$tokenEmail);
你在哪里颠倒了更新的值。如果我让自己使用它,我可能只是使用一个类并将其分解为不同的函数,因为它是执行多个函数的相当大的代码。
<?php
if(isset($_POST['reset-submit'])){
$selector=$_POST['selector'];
$validator=$_POST['validator'];
$password=$_POST['password1'];
$passwordRepeat=$_POST['password2'];
if(empty($password) || empty($passwordRepeat)){
echo "empty fields";
exit();
}
elseif($password!=$passwordRepeat){
echo "password did not match";
exit();
}
$expiryDate=date("U");
require "db.inc.php";
$reset = reset_password( $conn , $selector , $validator , $password );
if( ! $reset['Results'] ){
echo $reset['Msg'];
exit();
}
header("Location: ../login.php?resetpassword=success");
exit();
}
else{
header("Location: ../index.php");
exit();
}
function reset_password( $conn , $selector , $validator , $password ){
$sql="SELECT * FROM pwdreset WHERE pwdresetSelector=? AND pwdresetExpires >= ?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => '1: SQL Error - ' . mysqli_error($conn) ];
}
mysqli_stmt_bind_param($stmt,"ss",$selector,$expiryDate);
if( ! mysqli_stmt_execute($stmt) ){
return [ 'Result' => false , 'Msg' => 'Failed to execute 1' ];
}
$result=mysqli_stmt_get_result($stmt);
if(!$row=mysqli_fetch_assoc($result)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Failed to find reset' ];
}
$tokenBin=hex2bin($validator);
if( ! password_verify($tokenBin,$row['pwdresetToken']) ){ //you can check against this directly. No need to put it into a variable.
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Incorrect Password' ];
}
$tokenEmail=$row['pwdresetEmail'];
mysqli_stmt_close($stmt);
$sql="SELECT * FROM users WHERE emailUsers=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => '2: SQL Error - ' . mysqli_error($conn) ];
}
mysqli_stmt_bind_param($stmt,"s",$tokenEmail);
if( ! mysqli_stmt_execute($stmt) ){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Failed to execute 2' ];
}
$result=mysqli_stmt_get_result($stmt);
if(!$row=mysqli_fetch_assoc($result)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'No User Found' ];
}
mysqli_stmt_close($stmt);
$sql="UPDATE users SET pwdUsers=? WHERE emailUsers=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => '3: SQL Error - ' . mysqli_error($conn) ];
}
$newpasswordHash=password_hash($password,PASSWORD_DEFAULT);
mysqli_stmt_bind_param($stmt,"ss",$newpasswordHash,$tokenEmail); //you had these reversed. According to your SQL looks like it should be this way
if( ! mysqli_stmt_execute($stmt) ){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Failed to execute 3' ];
}
mysqli_stmt_close($stmt);
$sql="DELETE FROM pwdreset WHERE pwdresetEmail=?;";
$stmt=mysqli_stmt_init($conn);
if(!mysqli_stmt_prepare($stmt,$sql)){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => '4: SQL Error - ' . mysqli_error($conn) ];
}
mysqli_stmt_bind_param($stmt,"s",$tokenEmail);
if( ! mysqli_stmt_execute($stmt) ){
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => false , 'Msg' => 'Failed to execute 4' ];
}
mysqli_stmt_close($stmt);
mysqli_close($conn);
return [ 'Result' => true , 'Msg' => 'Failed to execute 4' ];
}