我在PHP中创建表单以重置用户密码.当用户发送重置请求时,它会发送链接到Mail以重置密码.在链接是domain.com/index.php?link=reset-password&code=1_Xzpq+/F64xwZ/oQ/U4TkTQ==
1 = User_id
Xzpq .. =用户密码哈希(盐渍)
我需要将变量上的UserID和PasswordHash爆炸
我的代码:
function isValidPasswordResetToken($string) {
global $sqlConnect;
//$string_exp = explode('_', $string);
list($user_id, $password) = explode('_', $string);
//$user_id = $string_exp[0];
//$password = $string_exp[1];
if (empty($user_id) or !is_numeric($user_id) or $user_id < 1) {
return false;
}
if (empty($password)) {
return false;
}
$query = mysqli_query($sqlConnect, " SELECT COUNT(`user_id`) FROM " . USERS . " WHERE `user_id` = {$user_id} AND `password` = '{$password}' AND `active` = '1' ");
return (Sql_Result($query, 0) == 1) ? true …Run Code Online (Sandbox Code Playgroud) php ×1