我收到一封电子邮件来重置我的密码,但每当我点击链接时,它应该转到我的"change_password.php",但它直接转到我的"index.php",这使得用户无法更改或重置他们的密码密码.
我的链接包含id和code我设置,并且每当发送电子邮件时数据库中的代码都会更新,但它是不起作用的链接.
这就是我的链接:
mywebsite.com/change_password.php?user_id=29&key=233602
但是当我点击它时,它应该引导我到这个页面,我的change_password.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
include 'lib/password.php';
$db = new mysqli('localhost', 'user', 'pass', 'db');
if($_GET['user_id']!="" && $_GET['key']!=""):
$id=mysqli_real_escape_string(trim($db,$_GET['user_id']));
$code=mysqli_real_escape_string(trim($db,$_GET['key']));
$fetch=$db->query("SELECT * FROM `profile` WHERE id='$id' AND `code` = '$code'");
$count=mysqli_num_rows($fetch);
if($count!=1) :
header("Location:index.php");
endif;
else :
header("Location:index.php");
endif;
?>
<?php include 'home-header.php'; ?>
</head>
<body>
<?php include 'home-navbar.php'; ?>
<div class="modal-dialog">
<h2>Forgot Password Recovery</h2>
<div class="modal-content col-md-8">
<div class="modal-header">
<h4 class="modal-title"><i class="icon-paragraph-justify2"></i> Change New Password</h4>
</div>
<form method="post" autocomplete="off" id="password_form">
<div class="modal-body with-padding">
<div class="form-group">
<div class="row">
<div class="col-sm-10">
<label>New Password</label>
<input type="password" id="passwords" name="password" class="form-control required">
</div>
</div>
</div>
<div class="form-group">
<div class="row">
<div class="col-sm-10">
<label>Confirm password</label>
<input type="password" id="cpassword" name="cpassword" title="Password is mismatch" equalto="#passwords" class="form-control required" value="">
</div>
</div>
</div>
</div>
<div id="error_result"></div>
<!-- end Add popup -->
<div class="modal-footer">
<input type="hidden" name="id" value="<?php echo $id; ?>" id="id">
<button type="submit" id="btn-pwd" class="btn btn-primary">Submit</button>
</div>
</form>
</div>
</div>
<?php include 'home-footer.php';?>
<script>
$(document).ready(function(){
$(document).on('click','#btn-pwd',function(){
var url = "new_password.php";
if($('#password_form').valid()){
$('#error_result').html('<img src="ajax.gif" align="absmiddle"> Please wait...');
$.ajax({
type: "POST",
url: url,
data: $("#password_form").serialize(),
success: function(data) {
if(data==1)
{
$('#error_result').html('Password reset successfully.');
window.setTimeout(function() {
window.location.href = 'index.php?sucess=1';
}, 1000);
}
else
{
$('#error_result').html('Password reset failed. Enter again.');
}
}
});
}
return false;
});
});
</script>
但它没有指引我到那个页面,它点到index.php了我点击链接的那一刻.为什么?
我的PHP邮箱:
<?php
$db = new mysqli('localhost', 'user', 'pass', 'db');
if($_POST['email']!=""):
$email=mysqli_real_escape_string($db,$_POST['email']);
$db_check=$db->query("SELECT * FROM `profile` WHERE email='$email'");
$count=mysqli_num_rows($db_check);
if($count==1) :
$row=mysqli_fetch_array($db_check);
$code= rand(10000,1000000);
$link = 'mywebsite.com/change_password.php?user_id='.$row['id'].'&key='.$code;
$fetch=$db->query("UPDATE `profile` SET `code` = '$code' WHERE `email`='$email' ");
$to="$email";
$strSubject="Password Recovery Link";
$message = '<p>Password Recovery Link : '.$link.'</p>' ;
$headers = 'MIME-Version: 1.0'."\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1'."\r\n";
$headers .= "From: no-reply@mywebsite.com";
$mail_sent=mail($to, $strSubject, $message, $headers);
if($mail_sent) echo 1;
else echo 0;
else :
echo 0;
endif;
else :
header("Location:index.php");
endif;
?>
其他人都在看这些if陈述,我想知道你的trim电话是否是问题所在.
改变这一点
$id=mysqli_real_escape_string(trim($db,$_GET['user_id']));
$code=mysqli_real_escape_string(trim($db,$_GET['key']));
至
$id=mysqli_real_escape_string($db,trim($_GET['user_id']));
$code=mysqli_real_escape_string($db,trim($_GET['key']));
你是"修剪" $db而不是你的变量.
| 归档时间: |
|
| 查看次数: |
73 次 |
| 最近记录: |