php - 即使一切正常也会出错
问题描述
我在我的 php 登录系统中使用以下代码忘记密码,但后来仍然出现错误用户名或密码不正确。该文件是忘记密码.php。现在我在最后的用户名或电子邮件不正确时收到错误,但我的输入是正确的并根据 mysql 表信息放置。这是我的代码:-(在托管服务器上,所以隐藏了一些信息)。
session_start();
require_once 'Phpmailer/PHPMailerAutoload.php';
if (isset($_SESSION['id'])) {
header('Location: user.php');
die();
}
else {
if($_POST['submit']) {
$username = strip_tags($_POST['username']);
$uemail = strip_tags($_POST['email']);
$db = mysqli_connect("localhost", "username", "password", "thedb") or die ("Failed to connect");
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
$query = mysqli_query($db, $sql);
if($query) {
$row = mysqli_fetch_row($query);
$dbUserName = $row[1];
$dbUserId = $row[0];
$dbEmail = $row[4];
}
if($username == $dbUserName && $uemail == $dbEmail) {
$_SESSION['username'] = $username;
$_SESSION['id'] = $id;
$token = rand(10);
$db->query("UPDATE members SET token='$token' WHERE id='id'");
$url = "https://www.example.net/resetpass?token=$token" ;
$mail = new PHPMailer(true); // Passing
`true` enables exceptions
try {
//Server settings
$mail->isSMTP(); // Set mailer to use
SMTP
$mail->Host = 'example.net'; // Specify main and
backup SMTP servers
$mail->SMTPAuth = true; // Enable SMTP
authentication
$mail->Username = 'members@example.net'; // SMTP username
$mail->Password = 'password'; // SMTP password
$mail->SMTPSecure = 'ssl'; // Enable TLS
encryption, `ssl` also accepted
$mail->Port = 465; // TCP port to connect
to
//Recipients
$mail->setFrom('members@example.net', 'example');
$mail->addAddress('$uemail'); // Add a recipient
//Content
$mail->isHTML(true); // Set email format to HTML
$mail->Subject = 'Reset Password Request';
$mail->Body = 'We recieved an request for resseting password for user $username, please click the following link for resetting password $url';
//$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';
$mail->send();
$suc = 'Message has been sent';
} catch (Exception $e) {
$err = 'Message could not be sent.';
}
$reset_passwordsuc = "<b><i>Instructions sent to user email.</i><b>";
}
else {
$reset_password = "<b><i>Username or Email Incorrect</i><b>";
}
}
}
?>
最后我得到用户名或电子邮件不正确。请帮忙
解决方案
您必须更改验证用户名和电子邮件的方式。请使用以下修改。
改变:
$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
至:
$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";
改变:
if($username == $dbUserName && $uemail == $dbEmail) {
至:
if(mysqli_num_rows($query) == 1) {
为了使令牌部分起作用,请进行以下修改。
改变:
$_SESSION['id'] = $id;
至:
$_SESSION['id'] = $dbUserId;
改变:
$db->query("UPDATE members SET token='$token' WHERE id='id'");
至:
mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");
PS:您可能想使用准备好的语句来防止 sql 注入攻击。
推荐阅读
- javascript - jQuery 导航和发布 JSON
- tensorflow - 如何在强化学习期间使用带有渐变的 Keras Tensorboard 回调?
- asp.net - 如何在 Asp.Net MVC 5 上使用实体框架 6 将图像(图像路径/二进制)添加到数据库?
- apache-spark - How to use helm chart for spark on k8s
- windows - 无法通过 localhost 访问在 Docker 上运行的 Kurento 媒体服务器
- java - Homework that is like a caesar cipher involving two char[]
- python - 如何通过使用 css 选择器和查找元素来获取所有 href?
- python - 如何使用烧瓶形式获取 RadioField 的值?
- javascript - Simulate scroll over element in WebBrowser
- php - ArgumentCountError : 函数 phpunit 的参数太少