时间戳

首页 > 解决方案 > mysqli 更新数据库接收电子邮件和密码重置令牌

php - mysqli 更新数据库接收电子邮件和密码重置令牌

问题描述

我已经搜索和搜索。我在网站上有多个查询,除了最后两个,它们在这个文件中。我只是找不到/弄明白。筋疲力尽。

我创建了重置密码功能。用户输入他们的电子邮件,如果在我的数据库中找到该电子邮件,则将重置令牌发送到该电子邮件。当单击电子邮件中的重置链接时,它会定向到包含电子邮件和令牌信息的重置密码页面。

除了表格没有更新之外,一切都在正常运行。我想用 ipaddress 和新密码更新 idaccount 表。我想在 used 列中使用 ipaddress 和“UsedToken”更新重置表。(这样我可以双重使用该表。如果用户更改了登录帐户中的密码并请求了电子邮件/令牌,则显示特定数据。)最终,我想根据“已使用”列制作无法重用令牌的代码不为空并验证该令牌实际上已被使用。

更改密码的基本 HTML 表单:

<body>


<form id="forgotpwdreset" name="forgotpwdreset" method="post" action="" onsubmit="forgotpwdalert()"<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>

<table border="0">
    <tr></tr>
    <tr></tr>

    <input type="hidden" name="email" value="<?php echo $email; ?>" />
    <input type="hidden" name="token" value="<?php echo $token; ?>" />


    Password must be at least 8 characters long and contain at least 1 number AND 1 capital letter.<br /><br />
    <tr>New Password:  <align="center"><input required type="password" name="newpassword" id="newpassword" placeholder="" pattern="(?=.*\d)(?=.*[A-Z]).{8,}">&nbsp;&nbsp;<input type="checkbox" onclick="togglepassword()"> Show Password<br /><br />
    <tr></tr><br />

    <tr>Confirm Password:  <align="center"><input required type="password" name="newpassword2" id="newpassword2" placeholder="" pattern="(?=.*\d)(?=.*[A-Z]).{8,}" onchange="confirmpwd()"><br />
    <tr></tr><br />

    <tr>
    <tr></tr><br />

    <tr><align="center"><input type="submit" name="pwdresetsubmit" id="pwdresetsubmit" value="Reset Password" onclick="return confirmpwd()" />&nbsp;&nbsp;&nbsp
    <tr></tr><br />

    </table>
</form>

</body>

PHP 处理表单:

    <?php

    include 'insert.php';

    if(isset($_SESSION['ondashsession'])){

    $session = $_SESSION['ondashsession'];

    $sql = "SELECT * FROM ondash_idaccount WHERE ID = '$session'";
    $result = mysqli_query($dbcon, $sql) or die("Error");


while($row = mysqli_fetch_assoc($result)){
     echo "You are already logged in,  " . $row['firstname'] . "." . "<br />";
}
}else{



if (isset($_POST['pwdresetsubmit'])) {

  $newpassword2 = $_POST['newpassword2'];
  $ipaddress = $_SERVER['REMOTE ADDR'];
  // Grab token and email that came from the email link
  $token = $_GET['token'];
  $email = $_GET['email'];

 //echo "Token:  " . $token . "<br />" . "Email:  " . $email; //returns correct info working properly.


 // select email address of user from the password_reset table 

    $sqlnewpass = "SELECT * FROM password_resets WHERE token='$token' AND email='$email'";
    $results = mysqli_query($dbcon, $sqlnewpass);


if (mysqli_num_rows($results) > 0 ){
    $row = mysqli_fetch_assoc($results);

//  print_r($row['email']); //returns correct result
//  print_r("# of rows:  " . $numrows);  //returns correct result

//WORKS UP TO HERE...WORKS UP TO HERE...WORKS UP TO HERE...WORKS UP TO HERE...WORKS UP TO HERE...WORKS UP TO HERE...

    $sql2 = "UPDATE ondash_idaccount SET `password`=?, `ipaddress`=? WHERE `email`='$email'";
    $stmt2 = mysqli_stmt_init($dbcon);

if(!mysqli_stmt_prepare($stmt2, $sql2)){
    echo "SQL error" . $dbcon->error;
}else{

    $hashedpassword = password_hash($newpassword2, PASSWORD_DEFAULT);
    //var_dump($hashedpassword); //generating hash pwd works but not updating database


    mysqli_stmt_bind_param($stmt2, "ss", $hashedpassword, $ipaddress);
    mysqli_stmt_execute($stmt2);
    $stmt2->close();
    error_reporting(E_ALL);
//  echo "SQL 2 error" . $dbcon->error; //No errors reporting

    $UsedToken = 'UsedToken';

    "UPDATE password_resets SET `used`='$UsedToken', `ipaddress`='$ipaddress' WHERE `token`='$token' AND `email`='$email'";


}
}
}

?>

两张表都没有更新。我错过了什么?对这个新手的任何帮助将不胜感激。

更新:

由于拼写错误,第一个查询已停止。我有$_SERVER['REMOTE ADDR'];。注意 _ 丢失了。因此,整个查询停止而没有错误。更改为$_SERVER['REMOTE_ADDR'];,瞧!发现这是一个恶臭。基本上,我用一些标签回显每个变量以了解显示的内容,并注意到 ipaddress 是空白的!

第二个查询仍然不确定发生了什么。然而,遵循一个很好的绑定参数的建议(我应该这样做,无论如何我都应该这样做)我重写了代码(最后一次爆炸!)这样做。再次,瞧!

我正在发布我更新的代码。希望它对接收和更新与密码重置令牌相关的问题的人有用。我还实现了令牌不能重复使用的策略。一切都像野兽一样工作!

更新的 PHP:

<?php

include 'insert.php';

if(isset($_SESSION['ondashsession'])){

$session = $_SESSION['ondashsession'];

$sql = "SELECT * FROM ondash_idaccount WHERE ID = '$session'";
$result = mysqli_query($dbcon, $sql) or die(mysqli_error($dbcon));


while($row = mysqli_fetch_assoc($result)){
     echo "You are already logged in,  " . $row['firstname'] . "." . "<br />";
}
}else{

//Check if token has already been used

$token = $_GET['token'];
$email = $_GET['email'];

$sqlused = "SELECT * FROM password_resets WHERE token='$token' AND email='$email'";
$resultsused = mysqli_query($dbcon, $sqlused);


   if (mysqli_num_rows($resultsused) > 0 ){
    $row = mysqli_fetch_assoc($resultsused);
//echo $row['used'];

    if($row['used'] == 'UsedToken'){

        echo "<strong>That reset link has already been used. Please request another.</strong>";

  }else{

if (isset($_POST['pwdresetsubmit'])) {

error_reporting(E_ALL);

  $newpassword2 = $_POST['newpassword2'];
  $ipaddress = $_SERVER['REMOTE_ADDR'];

  // Grab token and email that came from the email link

  $token = $_GET['token'];
  $email = $_GET['email'];

 // select data from password_reset table 

    $sqlnewpass = "SELECT * FROM password_resets WHERE token='$token' AND email='$email'";
    $results = mysqli_query($dbcon, $sqlnewpass);


   if (mysqli_num_rows($results) > 0 ){
    $row = mysqli_fetch_assoc($results);

//update user password in database

    $sql2 = "UPDATE ondash_idaccount SET `password`=?, `ipaddress`=? WHERE `email`='$email'";
    $stmt2 = mysqli_stmt_init($dbcon);

if(!mysqli_stmt_prepare($stmt2, $sql2)){
    echo "SQL error" . $dbcon->error;
}else{

    $hashedpassword = password_hash($newpassword2, PASSWORD_DEFAULT);
    //var_dump($hashedpassword); //generating hash pwd works but not updating database


    mysqli_stmt_bind_param($stmt2, "ss", $hashedpassword, $ipaddress);
    mysqli_stmt_execute($stmt2);
    $stmt2->close();

    echo "<strong>Password successfully reset!</strong>";

//Update pwd reset table

$UsedToken = 'UsedToken';

    $sql3 = "UPDATE password_resets SET `used`=?, `ipaddress`=? WHERE `token`='$token' AND `email`='$email'";
    $stmt3 = mysqli_stmt_init($dbcon);

if(!mysqli_stmt_prepare($stmt3, $sql3)){
    echo "SQL error" . $dbcon->error;
}else{

    mysqli_stmt_bind_param($stmt3, "ss", $UsedToken, $ipaddress);
    mysqli_stmt_execute($stmt3);
    $stmt3->close();
//  echo "SQL 2 error" . $dbcon->error; //No errors reporting
//  echo $row['email'] . $row['ipaddress'];

标签: phpformssessionmysqli

解决方案

更新:

由于拼写错误,第一个查询已停止。我有$_SERVER['REMOTE ADDR'];。注意 _ 丢失了。因此,整个查询停止而没有错误。更改为$_SERVER['REMOTE_ADDR'];,瞧!发现这是一个恶臭。基本上,我用一些标签回显每个变量以了解显示的内容,并注意到 ipaddress 是空白的!

第二个查询仍然不确定发生了什么。然而,根据一个很好的绑定参数的建议(无论如何我都应该这样做),我重写了代码(最后一次爆炸!)这样做。再次,瞧!

我正在发布我更新的代码。希望它对接收和更新与密码重置令牌相关的问题的人有用。我还实现了令牌不能重复使用的策略。一切都像野兽一样工作!

更新的 PHP:

<?php

include 'insert.php';

if(isset($_SESSION['ondashsession'])){

$session = $_SESSION['ondashsession'];

$sql = "SELECT * FROM ondash_idaccount WHERE ID = '$session'";
$result = mysqli_query($dbcon, $sql) or die(mysqli_error($dbcon));


while($row = mysqli_fetch_assoc($result)){
     echo "You are already logged in,  " . $row['firstname'] . "." . "<br />";
}
}else{

//Check if token has already been used

$token = $_GET['token'];
$email = $_GET['email'];

$sqlused = "SELECT * FROM password_resets WHERE token='$token' AND email='$email'";
$resultsused = mysqli_query($dbcon, $sqlused);


   if (mysqli_num_rows($resultsused) > 0 ){
    $row = mysqli_fetch_assoc($resultsused);
//echo $row['used'];

    if($row['used'] == 'UsedToken'){

        echo "<strong>That reset link has already been used. Please request another.</strong>";

  }else{

if (isset($_POST['pwdresetsubmit'])) {

error_reporting(E_ALL);

  $newpassword2 = $_POST['newpassword2'];
  $ipaddress = $_SERVER['REMOTE_ADDR'];

  // Grab token and email that came from the email link

  $token = $_GET['token'];
  $email = $_GET['email'];

 // select data from password_reset table 

    $sqlnewpass = "SELECT * FROM password_resets WHERE token='$token' AND email='$email'";
    $results = mysqli_query($dbcon, $sqlnewpass);


   if (mysqli_num_rows($results) > 0 ){
    $row = mysqli_fetch_assoc($results);

//update user password in database

    $sql2 = "UPDATE ondash_idaccount SET `password`=?, `ipaddress`=? WHERE `email`='$email'";
    $stmt2 = mysqli_stmt_init($dbcon);

if(!mysqli_stmt_prepare($stmt2, $sql2)){
    echo "SQL error" . $dbcon->error;
}else{

    $hashedpassword = password_hash($newpassword2, PASSWORD_DEFAULT);
    //var_dump($hashedpassword); //generating hash pwd works but not updating database


    mysqli_stmt_bind_param($stmt2, "ss", $hashedpassword, $ipaddress);
    mysqli_stmt_execute($stmt2);
    $stmt2->close();

    echo "<strong>Password successfully reset!</strong>";

//Update pwd reset table

$UsedToken = 'UsedToken';

    $sql3 = "UPDATE password_resets SET `used`=?, `ipaddress`=? WHERE `token`='$token' AND `email`='$email'";
    $stmt3 = mysqli_stmt_init($dbcon);

if(!mysqli_stmt_prepare($stmt3, $sql3)){
    echo "SQL error" . $dbcon->error;
}else{

    mysqli_stmt_bind_param($stmt3, "ss", $UsedToken, $ipaddress);
    mysqli_stmt_execute($stmt3);
    $stmt3->close();
//  echo "SQL 2 error" . $dbcon->error; //No errors reporting
//  echo $row['email'] . $row['ipaddress'];


}   
}
}
}
}
}
}
}    


?>

推荐阅读