邮件中发送的重置密码链接无效
[英]link sent in mail to reset password do not work
问题描述
I do receive an email to reset my password, but whenever I click the link, it should go to my "change_password.php" but it goes directly to my "index.php" which makes the user not be able to change or reset their password. 
我确实收到了重置密码的电子邮件,但是每当我单击链接时,它都应该转到我的“ change_password.php”,但直接转到我的“ index.php”,这使用户无法更改或重置其密码。密码。
My link contains both the id and code I set, and the code in the database updates whenever the email was sent, but it's the link that doesn't work. 我的链接包含我设置的id和code ,并且每当发送电子邮件时,数据库中的代码就会更新,但这是不起作用的链接。
This is what my link looks like: 我的链接如下所示:
mywebsite.com/change_password.php?user_id=29&key=233602
But when I click that, it should direct me to this page, my change_password.php 但是当我单击它时,它应该将我定向到我的页面change_password.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
include 'lib/password.php';
$db = new mysqli('localhost', 'user', 'pass', 'db');
if($_GET['user_id']!="" && $_GET['key']!=""):
$id=mysqli_real_escape_string(trim($db,$_GET['user_id']));
$code=mysqli_real_escape_string(trim($db,$_GET['key']));
$fetch=$db->query("SELECT * FROM `profile` WHERE id='$id' AND `code` = '$code'");
$count=mysqli_num_rows($fetch);
if($count!=1) :
header("Location:index.php");
endif;
else :
header("Location:index.php");
endif;
?>
<?php include 'home-header.php'; ?>
</head>
<body>
<?php include 'home-navbar.php'; ?>
<div class="modal-dialog">
<h2>Forgot Password Recovery</h2>
<div class="modal-content col-md-8">
<div class="modal-header">
<h4 class="modal-title"><i class="icon-paragraph-justify2"></i> Change New Password</h4>
</div>
<form method="post" autocomplete="off" id="password_form">
<div class="modal-body with-padding">
<div class="form-group">
<div class="row">
<div class="col-sm-10">
<label>New Password</label>
<input type="password" id="passwords" name="password" class="form-control required">
</div>
</div>
</div>
<div class="form-group">
<div class="row">
<div class="col-sm-10">
<label>Confirm password</label>
<input type="password" id="cpassword" name="cpassword" title="Password is mismatch" equalto="#passwords" class="form-control required" value="">
</div>
</div>
</div>
</div>
<div id="error_result"></div>
<!-- end Add popup -->
<div class="modal-footer">
<input type="hidden" name="id" value="<?php echo $id; ?>" id="id">
<button type="submit" id="btn-pwd" class="btn btn-primary">Submit</button>
</div>
</form>
</div>
</div>
<?php include 'home-footer.php';?>
<script>
$(document).ready(function(){
$(document).on('click','#btn-pwd',function(){
var url = "new_password.php";
if($('#password_form').valid()){
$('#error_result').html('<img src="ajax.gif" align="absmiddle"> Please wait...');
$.ajax({
type: "POST",
url: url,
data: $("#password_form").serialize(),
success: function(data) {
if(data==1)
{
$('#error_result').html('Password reset successfully.');
window.setTimeout(function() {
window.location.href = 'index.php?sucess=1';
}, 1000);
}
else
{
$('#error_result').html('Password reset failed. Enter again.');
}
}
});
}
return false;
});
});
</script>
But it's not directing me to that page, it goes to my index.php the moment I click the link. 但是,这并不是将我定向到该页面,而是在单击链接时访问了index.php 。 Why is it? 为什么?
My PHP Mail: 我的PHP邮件:
<?php
$db = new mysqli('localhost', 'user', 'pass', 'db');
if($_POST['email']!=""):
$email=mysqli_real_escape_string($db,$_POST['email']);
$db_check=$db->query("SELECT * FROM `profile` WHERE email='$email'");
$count=mysqli_num_rows($db_check);
if($count==1) :
$row=mysqli_fetch_array($db_check);
$code= rand(10000,1000000);
$link = 'mywebsite.com/change_password.php?user_id='.$row['id'].'&key='.$code;
$fetch=$db->query("UPDATE `profile` SET `code` = '$code' WHERE `email`='$email' ");
$to="$email";
$strSubject="Password Recovery Link";
$message = '<p>Password Recovery Link : '.$link.'</p>' ;
$headers = 'MIME-Version: 1.0'."\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n";
$headers .= "From: no-reply@mywebsite.com";
$mail_sent=mail($to, $strSubject, $message, $headers);
if($mail_sent) echo 1;
else echo 0;
else :
echo 0;
endif;
else :
header("Location:index.php");
endif;
?>
2 个解决方案
解决方案1
6 已采纳 2016-04-20 16:04:00
Everyone else is looking at the if statements, I wonder if its your trim calls that are the problem. 其他人都在看if语句,我想知道是否是您的trim调用是问题所在。
change this 改变这个
$id=mysqli_real_escape_string(trim($db,$_GET['user_id']));
$code=mysqli_real_escape_string(trim($db,$_GET['key']));
to 至
$id=mysqli_real_escape_string($db,trim($_GET['user_id']));
$code=mysqli_real_escape_string($db,trim($_GET['key']));
you were "trimming" $db and not your variable. 您正在“修剪” $db而不是变量。
解决方案2
1 2016-04-20 15:55:30
This should be relatively straight-forward to troubleshoot. 这应该是比较简单的故障排除方法。 Try this: 尝试这个:
error_reporting(E_ALL);
ini_set('display_errors', 1);
include 'lib/password.php';
echo 'STILL GOOD!';
exit;
$db = new mysqli('localhost', 'user', 'pass', 'db');
if($_GET['user_id']!="" && $_GET['key']!=""):
echo 'DATA!';
exit;
$id=mysqli_real_escape_string(trim($db,$_GET['user_id']));
$code=mysqli_real_escape_string(trim($db,$_GET['key']));
$fetch=$db->query("SELECT * FROM `profile` WHERE id='$id' AND `code` = '$code'");
$count=mysqli_num_rows($fetch);
if($count!=1) :
echo 'NO ROWS!';
exit;
header("Location:index.php");
endif;
else :
echo 'NO DATA!';
exit;
header("Location:index.php");
endif;
Notice the additional echo s and exit statements. 注意其他的echo和exit语句。 Click your link, see which message you get, remove and repeat until you narrow down where it's failing. 单击您的链接,查看收到,删除并重复的消息,直到缩小失败的范围。
As @imvain2 pointed out, mysqli_real_escape_string(trim($db,$_GET['user_id'])) should be mysqli_real_escape_string($db, trim($_GET['user_id'])) so that is where your SQL query is failing to pull any results and causing the redirect to index.php. 正如@ imvain2所指出的那样, mysqli_real_escape_string(trim($db,$_GET['user_id']))应该是mysqli_real_escape_string($db, trim($_GET['user_id']))这样您的SQL查询就会失败拉任何结果,并导致重定向到index.php。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.