-1
這幾天我有一個嚴重的問題密碼恢復程序。當我在reset.php?recoverykey=6602f445b4736ef3363a31e05750022d上編程if(isset($_POST['pass-submit']))。當有人點擊表單的提交按鈕時,它應該保持在同一頁面進行處理,即在reset.php?recoverykey=6602f445b4736ef3363a31e05750022d。但是相反,我們需要reset.php,因爲變量recoverykey爲空,所以代碼無法工作。即使使用header("Location: reset.php?recoverykey=$recovery_code");後,也沒有任何工作。 我希望它保持在它的位置,即使點擊提交按鈕後,PHP可以根據程序檢查密碼和確認密碼字段是否相同或不正確。
這是我在reset.php所有代碼:
<?php
ob_start();
session_start();
?>
<!DOCTYPE html>
<head>
<meta name="robots" content="noindex" />
<link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
<title>Reset Password</title>
</head>
<?php
include('db-config.php');
function show_change_pass_form(){
?>
<form class="iqform" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<h3>Change your Password</h3>
<label><span class="text-danger"><?php echo $passError ?></span><input type="password" placeholder="New Password" name="new-pass" required /></label>
<label><span class="text-danger"><?php echo $Con_passError; ?></span><input type="password" placeholder="Confirm Password" name="confirm-new-pass" required /></label>
<input type="submit" value="Change Password" name="pass-submit" />
</form>
<?php
}
$recovery_code = $_GET['recoverykey'];
if(empty($recovery_code)){
echo 'Looks like you landed elsewhere.';
}
$sql = "SELECT * FROM RegisteredMembers WHERE RecoveryCode='$recovery_code'";
$result = mysql_query($sql);
if($result){
$count = mysql_num_rows($result);
if($count==1){
if(isset($_POST['pass-submit'])){
header("Location: reset.php?recoverykey=$recovery_code");
$pass = $_POST['new-pass'];
$Con_pass = $_POST['confirm-new-pass'];
// Confirmation
if($pass==$Con_pass){
$sql1 = "UPDATE RegisteredMembers SET password = '$pass' WHERE RecoveryCode = '$recovery_code'";
$output = mysql_query($sql1);
echo $output;
$error = false;
$passError = "Password successfully changed. Feel free to Log In.";
} else if(!($pass==$Con_pass)){
$error = true;
$Con_passError = "The Password isn't matching. Be sure you remember the New Password.";
} else if(empty($pass)){
$error = true;
$passError = "Please do not keep the password empty.";
} else if(empty($Con_pass)){
$error = true;
$Con_passError = "Please do not keep this field empty.";
}
}
show_change_pass_form();
} else if($count==0) {
echo "No such recovery code, please don't try Spamming around!";
}
}
?>
<?php ob_end_flush(); ?>這是我在forget.php代碼(我加了它,雖然它沒有太大的必要):
<?php
ob_start();
session_start();
include('db-config.php');
if(isset($_POST['forgot-submit'])){
$recovery_user = $_POST['forgot-email'];
$query = "SELECT * FROM RegisteredMembers WHERE userEmail='$recovery_user'";
$output = mysql_query($query);
$count = mysql_num_rows($output);
$row = mysql_fetch_array($output);
if($count==1){
$error = false;
// Mail the Recovery link
$recovery_code = md5(uniqid(rand()));
$mTo = $recovery_user;
$mFrom = 'From: '.$website_details['name'].' Team '.'<'.$website_details['email'].'>';
$mSubject = $website_details['name']." Account recovery Mail";
// Message
$mMsg[0] = "Hi ".$row['fname'].", \r\n";
$mMsg[1] = "This is the password recovery email which you have requested just few minutes before. <b>(If you havn't requested, you may kindly ingnore this Email)</b>";
$mMsg[2] = "Here's your <a href='$web_path/reset.php?recoverykey=$recovery_code'>Password Recovery Link</a>. Clicking it would allow you to change your existing password into a new one.";
$mFinMsg = $mMsg[0].$mMsg[1].$mMsg[2];
$sendRecMail = mail($mTo , $mSubject , $mFinMsg , $mFrom);
// Add recovery code to Database
$mysql = "UPDATE RegisteredMembers SET RecoveryCode='$recovery_code' WHERE userEmail='$recovery_user'";
$result = mysql_query($mysql);
if($result){
$error = false;
$forgotEmailMsg = "Thanks, Check your Email for recovering your password.";
} else{
echo "Looks like there's a Disturbance and Load on server. Try again later.";
}
} else if(strlen($recovery_user)==0){
$error = true;
$forgotEmailMsg = "Please do not leave this field empty.";
} else{
$error = true;
$forgotEmailMsg = "No such Email found in Database.";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta name="robots" content="noindex" />
<link rel="stylesheet" type="text/css" href="assets/scripts/css/styles.css" />
<title>Password Recovery</title>
</head>
<body>
<form class="iqform" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" autocomplete="off">
<h3>Password Recovery</h3>
<label><span class="text-danger"><?php echo $forgotEmailMsg; ?></span><input type="email" placeholder="Your registered Email" name="forgot-email" required /></label>
<input type="submit" value="Next" name="forgot-submit" />
</form>
</body>
</html>
<?php ob_end_flush(); ?>Forget.php都可以,但可能是你可以從中引用一些東西。
*** STOP *** [using'MySQL_' functions。](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Martin