Not resetting password

I want to make a password reset script, but it doesn't work; for some reason it isn't updating the database.

Code:

    <?php
    include 'header.php';
    error_reporting(0);
    session_start();
    $username = $_SESSION['username'];
    $userid = $_SESSION['id'];
    if (empty($username) && empty($userid) ) {
    $form='
            <table>
            <form action="forgotpass.php" method="POST">
                <tr>
                    <td>Username :</td>
                    <td><input type="text" name="user"></td>
                </tr>
                <tr>
                    <td>Email:</td>
                    <td><input type="text" name="email"></td>
                    <td>Must be a valid email address.</td>
                </tr>
                <tr>
                    <td></td>
                    <td><input type="submit" name="resetbtn" value="Reset password"></td>
                </tr>
                </form>
            </table> ';
    $user = $_POST['user'];
    $email = $_POST['email'];
    if (isset($_POST['resetbtn'])) { 
        if ($user) {
                if ($email) {
                    if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
                        require 'core/connect.php';
                        $query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM users WHERE username = '$user' ");
                        $numrows = mysqli_num_rows($query);
                        if ($numrows == 1) {
                        $row = mysqli_fetch_assoc($query);
                        $dbemail = $row['email'];
                            if ($email = $dbemail) {
                               function better_crypt($input, $rounds = 7) {
                               $salt = "";
                               $salt_chars = array_merge(range('A','Z'), range('a','z'), range(0,9));
                               for($i=0; $i < 22; $i++) {
                               $salt .= $salt_chars[array_rand($salt_chars)];
                               }
                               return crypt($input, sprintf('$2a$%02d$', $rounds) . $salt);
                               }
                               $password_hash = better_crypt($password);
                               $password_hash = better_crypt($password, 10);
                               $password_hash = better_crypt($password, 15);
                               $new_pass = substr($password_hash, 0, 15);
                                mysqli_query($GLOBALS["___mysqli_ston"], "UPDATE users SET password = '$new_pass' WHERE username = '$username' ");
                                $query = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT * FROM users WHERE username = '$user' AND password = '$new_pass' ");
                                $numrows = mysqli_num_rows($query);
                                if ($numrows == 1) {
                                    $site = "http://localhost/website";
                                    $webmaster = "Demo Site<JadWalidSamadi@gmail.com>";
                                    $headers = "From: $webmaster";
                                    $subject = "Password reset";
                                    $message = "You have asked for a password reset for Demo Site.\n";
                                    $message = "New password :";
                                    $message = "$new_pass";
                                    $message .="You must change your password as soon as you re-log in.";
                                        if (mail ($getemail, $subject, $message, $headers)) {
                                        echo '<font color="green">Your new password has been sent to your email. </font>';
                                        echo $email;
                                        } else {
                                        echo '<font color="red">An error has occurred.Your activation email was not sent.</font>';   
                                        }                                   
                                }else {
                                echo '<font color="red">An error has occurred . Your password was not reset.</font>';   
                                }
                            }else{
                            echo '<font color="red">You have provided an invalid username or email.</font>';
                            echo $form;                                 
                            }
                        }else{
                        echo '<font color="red">You have provided an invalid username or email.</font>';
                        echo $form;                             
                        }
                        mysql_close();
                    } else {
                    echo '<font color="red">You must provide a valid email.</font>';
                    echo $form;                         
                    }
                } else {
                echo '<font color="red">You must provide your email.</font>';
                echo $form;                         
                }
        } else{
        echo '<font color="red">You must provide your username.</font>';
        echo $form;             
        }
    }else{
    echo $form;
    }
    }else{
        echo '<font color="red">You must be logged out to be able to access this page\'s content.</font>';
    }
    include 'footer.php';
    ?>

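There are a lot of mistakes, but the main ones are:

Line 64:

    "UPDATE users SET password = '$new_pass' WHERE username = '$username' "

The variable $username must be empty, because this code runs inside a conditional block with the following condition:

Line 9:

    if (empty($username) && empty($userid) ) {

You probably wanted to use the $user variable instead

Next, line 59:

    $password_hash = better_crypt($password);

$password is undefined

Finally, line 78:

    if (mail ($getemail, $subject, $message, $headers)) {

$getemail is not defined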
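
The three points from the answer above, applied in an added example that is not part of the original question or answer. It assumes PDO with an in-memory SQLite database so it runs stand-alone (the page's code uses mysqli, where the same bound-parameter pattern applies); the function name `reset_password`, the table layout and the sample row are constructed for illustration.

```php
<?php
// Added example, not the asker's code. Table layout and sample row are constructed.
function reset_password(PDO $db, string $user, string $email): ?array
{
    // Bound parameter instead of interpolating $user into the SQL string.
    $stmt = $db->prepare('SELECT email FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Comparison, not assignment (the original wrote `$email = $dbemail`).
    if ($row === false || $row['email'] !== $email) {
        return null;
    }

    // The original hashed an undefined $password; generate the value first.
    $newPass = bin2hex(random_bytes(8));   // 16 hex characters from a CSPRNG
    $hash    = password_hash($newPass, PASSWORD_BCRYPT, ['cost' => 10]);

    // Key the UPDATE on the submitted $user. The original used $username
    // from the session, which is empty on a logged-out page.
    $upd = $db->prepare('UPDATE users SET password = ? WHERE username = ?');
    $upd->execute([$hash, $user]);
    if ($upd->rowCount() !== 1) {
        return null;                       // nothing was updated, do not send mail
    }

    // Recipient comes from the fetched row, not an undefined $getemail.
    return ['to' => $row['email'], 'new_pass' => $newPass];
}

// Constructed test data in an in-memory database; errors raise exceptions
// instead of being hidden by error_reporting(0).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES ('alice', 'alice@example.com', 'old')");

$result = reset_password($db, 'alice', 'alice@example.com');
$stored = $db->query("SELECT password FROM users WHERE username = 'alice'")->fetchColumn();

var_dump($result !== null && password_verify($result['new_pass'], $stored));
var_dump(reset_password($db, 'alice', 'wrong@example.com'));
var_dump(reset_password($db, "x' OR '1'='1", 'alice@example.com'));
```

The stored value is the full `password_hash()` output, checked at login with `password_verify()`, rather than a 15-character slice of a hash used as the password itself.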