1. 技术文章
  2. Resetting new password, token became empty

Resetting new password, token became empty

守給你的承諾、 提交于 2019-12-11 20:44:00

问题


I am trying to write the script for resetting password, i have got the putting the token into database, and checking if the token exist in the database, and to the part where i am going to reset the database. But for some reason,it is updating the database where there are no tokens. I am not sure why.... I am very new to coding, hope my code isnt too hard to read and have too much flaws. 

 <?php

    ini_set('display_errors', 1); error_reporting(E_ALL);
    session_start();
    include 'connect.php';


    $token = isset($_GET['token'])?$_GET['token']:"";


        echo"$token";


    $check=mysqli_query($con,"SELECT email FROM Test WHERE reset = '$token'")or die( mysqli_error($con));
     while($row = mysqli_fetch_array($check)){

            $email = $row['email'];

             }
    if (mysqli_num_rows($check)==0)
          echo ("Token Doesnt exist");

        elseif($_POST) {






     //get form data



     $password1 = mysqli_real_escape_string($con,$_POST['password1']);
      $password = mysqli_real_escape_string($con,$_POST['password']);

     if (!$password){
        echo "Please fill out all fields"; 
     }
     else if ($password1 !== $password)
     {
         echo "Password don't match";

     }
     else 
     {
         echo"$email";
         echo"token";
        //encrypt password
        $password = md5($password);

        //check if username already taken
        mysqli_query($con,"UPDATE Test SET password = '$password'
                    where email = '$email';") or die(mysqli_error($con));



               //register into database


    echo "Added";


           }
        }





    else
    {

    ?>

    <form action='ResetPassword.php' method='POST'>
    Your new password:<br />
    <input type='password' name='password1'><p />


    Re-enter your new password:<br />
    <input type='password' name='password'><p />

    <input type='submit' name='Change Password' value='Change Password'>
    </form>

    <?php

    }

    ?>

回答1:


try

<?php
    ini_set('display_errors', 1); error_reporting(E_ALL);
    session_start();
    include 'connect.php';
    $token = isset($_GET['token']) ? $_GET['token'] : "";
    if(!empty($token)) {
        $check=mysqli_query($con,"SELECT email FROM Test WHERE reset = '$token'")or die( mysqli_error($con));
        if (mysqli_num_rows($check)> 0) {
          $row = mysqli_fetch_array($check)
          $email = $row['email'];
        }
        else {
          echo 'Email not found with this Token';
        }
    }
    else {
      echo 'Token does not exist';
    }
    if(!empty($email) && isset($_POST['changepass'])) {
      $password1 = mysqli_real_escape_string($con,$_POST['password1']);
      $password = mysqli_real_escape_string($con,$_POST['password']);
      if (!$password){
        echo "Please fill out all fields"; 
      }
      else if ($password1 !== $password) {
         echo "Password don't match";
      }
      else {
        //encrypt password
        $password = md5($password);
        //check if username already taken
        mysqli_query($con,"UPDATE Test SET password = '$password' where email = '$email'") or die(mysqli_error($con));
        echo "Added";
     }
   }
   if(!isset($_POST['changepass'])){?>
    <form action='ResetPassword.php' method='POST'>
    Your new password:<br />
    <input type='password' name='password1'><p />
    Re-enter your new password:<br />
    <input type='password' name='password'><p />
    <input type='hidden' name='token' value='<?php if(isset($_GET['token'])) echo $_GET['token'];?>'>
    <input type='submit' name='changepass' value='Change Password'>
    </form>
    <?php }


来源:https://stackoverflow.com/questions/24400973/resetting-new-password-token-became-empty

标签
php
mysql
token
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!