[英]Changing password using php/mysql
我為示例 android 應用程序創建了一個注冊系統。 我可以毫無問題地注冊和登錄。 最后一部分是忘記密碼的部分。 這是我的邏輯。 當用戶忘記他的密碼時,他將他的電子郵件發送到我的服務器,作為回報,他收到一封電子郵件,告訴他訪問一個鏈接。 該鏈接將他帶到一個頁面,在那里他可以輸入並確認他的新密碼。 出於某種原因,雖然密碼沒有更新。
所以我會在這里發布我的代碼。
注冊.php
<?php
session_start();
require "init.php";
header('Content-type: application/json');
$id = $_POST['id'];
$email = $_POST['email'];
$user_name = $_POST['user_name'];
$user_pass = $_POST['user_pass'];
$passwordEncrypted = sha1($user_pass);
$confirmPass = $_POST['confirm_pass'];
$confPasswordEncrypted = sha1($confirmPass);
$msg = "Congratulations. You are now registered to the most amazing
app ever!";
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
$don = array('result' =>"fail","message"=>"Please enter a valid email");
}
if($email && $user_name && $user_pass && $confirmPass && filter_var($email, FILTER_VALIDATE_EMAIL)){
$sql_query = "select * from user_info WHERE email ='".mysqli_real_escape_string($con, $email)."' or user_name
='".mysqli_real_escape_string($con, $user_name)."'";
$result = mysqli_query($con, $sql_query);
$results = mysqli_num_rows($result);
if ($results){
$don = array('result' =>"fail","message"=>"Email or username exists.");
}else{
$sql_query = "insert into user_info values('$id','$email','$user_name','$passwordEncrypted','$confPasswordEncrypted');";
if(mysqli_query($con,$sql_query)){
$don = array('result' =>"success","message"=>"Successfully registered!Well done");
mail($email,"Well done. You are registered to my sample app!",$msg);
$_SESSION['id'] = mysqli_insert_id($con);
}
}
}else if(!$email){
$don = array('result' =>"fail","message"=>"Please enter a valid email");
}else if(!$user_name){
$don = array('result' =>"fail","message"=>"Please enter your username");
}else if(!$user_pass){
$don = array('result' =>"fail","message"=>"Please enter a password");
}else if(!confirmPass){
$don = array('result' =>"fail","message"=>"Please confirm your password");
}
echo json_encode($don);
?>
和changepassword.php
<?php
require "../init.php";
session_start();
if(isset($_POST['update'])){
$password = $_POST['user_pass'];
$confpassword = $_POST['confirm_pass'];
if($password !== $confpassword){
echo "Passwords don't match!";
}else{
$id = $_SESSION['id'];
if(mysqli_query($con,"UPDATE user_info SET
user_pass='$password',confirm_pass = '$confpassword' WHERE id='$id'")){
echo "Password successfully changed!!!";
}
}
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="css/login-css.css" media="all"/>
</head>
<body>
<div class="updatepass">
<h1>Update Password</h1>
<form action="" method="post">
<input type="password" name="user_pass" placeholder="Password" required="required" />
<input type="password" name="confirm_pass" placeholder="Confirm Password" required="required" />
<button type="submit" class="btn btn-primary btn-block btn-large" name="update">Update</button>
</form>
</div>
</body>
</html>
關於如何更新密碼的任何想法?
謝謝。
我做到了!!! 正如Fred -ii-建議的那樣,我必須執行選擇查詢才能選擇 id。 所以。
<?php
require "../init.php";
session_start();
if(isset($_POST['update'])){
$password = $_POST['user_pass'];
$confpassword = $_POST['confirm_pass'];
if($password !== $confpassword){
echo "Passwords don't match!";
}else{
$select_query = "SELECT id FROM user_info";
$run_select_query = mysqli_query($con,$select_query);
while ($row_post=mysqli_fetch_array($run_select_query)){
$user_id = $row_post['id'];
echo $user_id;
}
$update_posts = "UPDATE user_info SET user_pass='$password',confirm_pass = '$confpassword' WHERE id='$user_id'";
$run_update = mysqli_query($con,$update_posts);
echo "<script>alert('Post Has been Updated!')</script>";
}
}
?>
但我想再次讓密碼“不受保護”,因為我想了解 sql 注入的工作原理:):)。 如果還有什么發現請評論。。
編輯:
這是我的看法:
你的問題似乎與
$_SESSION['id'];
您僅在創建帳戶時設置它,但 PHP 會話不會持續太久。 因此,如果您的用戶已注冊並且您將行 ID 存儲在會話中,那么當他們返回更改密碼時,您不能指望它在那里。
當您嘗試查找行以更新密碼時,這(可能)是幕后發生的事情
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.