我一直在重写旧密码重设以帮助学习PHP。PHP密码重置
我想知道是否有一些部分我应该续订,因为它仍然会出现错误。
if(isset($_POST['reset'])){
$email = $_POST['email'];
$stmt=$conn->prepare("SELECT email FROM users WHERE email=:email");
$stmt->execute(array("email"=>$email));
$userRow=$stmt->fetchColumn();
if($userRow == '0'){
$error[] = 'Sorry, we cannot find your account details. Please try another email address.';
}else{
$stmt=$conn->prepare("SELECT lname FROM users WHERE email=:email");
$stmt->execute(array(":email"=>$email));
$userRow1=$stmt->fetch(PDO::FETCH_ASSOC);
//$userRow = PDO::FETCH_ASSOC($stmt);
$password = substr(md5(uniqid(rand(),1)),3,10);
$pass = md5($password);
$to = "$email";
$subject = "ClientCheck Account Recovery";
$body = "Hi, $userRow1 \n\n Your password has been reset. \n\n Your password now is: $password \n\n Kind regards\n ClientCheck";
$additionalheaders = "From: <[email protected]>";
$additionalheaders .= "Reply-To: [email protected]";
$stmt=$conn("UPDATE users SET password=:password WHERE email-:email");
$stmt->execute(array(":password"=>$password,":email"=>$email));
$userRow2=$stmt->rowCount();
}
}
if(!empty($error)){
$i = '0';
while($i < count($error)){
echo "$error[$i]";
$i ++;
}
}
我知道有发送的复位密码Notice: Array to string conversion in /forgottenpassword.php on line 31
Fatal error: Function name must be a string in /forgottenpassword.php on line 36
是不是在安全性方面的最好的一步,但是,我想获得它的权利在这个水平,然后继续前进,以更安全的解除方法。
咳'$ stmt = $ conn-> prepare(' - 看看你的其他查询;-) RTM http://php.net/manual/en/pdo.prepared-statements.php –
请不要使用MD5。您正在使用准备好的语句的PDO。比MD5有更安全的功能。 –
@Fred:PDO不是散列的替代品。 – symcbean