1. 首页
  2. 问答
  3. PHP密码重置

PHP密码重置

2015-11-06 133 views
-2

我一直在重写旧密码重设以帮助学习PHP。PHP密码重置

我想知道是否有一些部分我应该续订,因为它仍然会出现错误。

if(isset($_POST['reset'])){ 
    $email = $_POST['email']; 

    $stmt=$conn->prepare("SELECT email FROM users WHERE email=:email"); 
    $stmt->execute(array("email"=>$email)); 
    $userRow=$stmt->fetchColumn(); 

    if($userRow == '0'){ 
     $error[] = 'Sorry, we cannot find your account details. Please try another email address.'; 
    }else{ 
     $stmt=$conn->prepare("SELECT lname FROM users WHERE email=:email"); 
     $stmt->execute(array(":email"=>$email)); 
     $userRow1=$stmt->fetch(PDO::FETCH_ASSOC); 

     //$userRow = PDO::FETCH_ASSOC($stmt); 
     $password = substr(md5(uniqid(rand(),1)),3,10); 
     $pass = md5($password); 

     $to = "$email"; 
     $subject = "ClientCheck Account Recovery"; 
     $body = "Hi, $userRow1 \n\n Your password has been reset. \n\n Your password now is: $password \n\n Kind regards\n ClientCheck"; 

     $additionalheaders = "From: <[email protected]>"; 
     $additionalheaders .= "Reply-To: [email protected]"; 

     $stmt=$conn("UPDATE users SET password=:password WHERE email-:email"); 
     $stmt->execute(array(":password"=>$password,":email"=>$email)); 
     $userRow2=$stmt->rowCount(); 
    } 
} 

if(!empty($error)){ 
    $i = '0'; 
    while($i < count($error)){ 
     echo "$error[$i]"; 
     $i ++; 
    } 
}

Notice: Array to string conversion in /forgottenpassword.php on line 31
Fatal error: Function name must be a string in /forgottenpassword.php on line 36

我知道有发送的复位密码

是不是在安全性方面的最好的一步,但是,我想获得它的权利在这个水平,然后继续前进,以更安全的解除方法。

来源

2015-11-06 Sauced Apples

+0

咳'$ stmt = $ conn-> prepare(' - 看看你的其他查询;-) RTM http://php.net/manual/en/pdo.prepared-statements.php –

+0

请不要使用MD5。您正在使用准备好的语句的PDO。比MD5有更安全的功能。 –

+0

@Fred:PDO不是散列的替代品。 – symcbean

回答

1

两行必须被校正,一个在变量$体是从PDO的结果阵列,并且其中在制备语句的行:

<?php 
if(isset($_POST['reset'])){ 
    $email = $_POST['email']; 

    $stmt=$conn->prepare("SELECT email FROM users WHERE email=:email"); 
    $stmt->execute(array("email"=>$email)); 
    $userRow=$stmt->fetchColumn(); 

    if($userRow == '0'){ 
     $error[] = 'Sorry, we cannot find your account details. Please try another email address.'; 
    }else{ 
     $stmt=$conn->prepare("SELECT lname FROM users WHERE email=:email"); 
     $stmt->execute(array(":email"=>$email)); 
     $userRow1=$stmt->fetch(PDO::FETCH_ASSOC); 

     //$userRow = PDO::FETCH_ASSOC($stmt); 
     $password = substr(md5(uniqid(rand(),1)),3,10); 
     $pass = md5($password); 

     $to = "$email"; 
     $subject = "ClientCheck Account Recovery"; 
     $body = "Hi, ".$userRow1['username']."\n\n Your password has been reset. \n\n Your password now is: $password \n\n Kind regards\n ClientCheck"; // changed here 

     $additionalheaders = "From: <[email protected]>"; 
     $additionalheaders .= "Reply-To: [email protected]"; 

     $stmt=$conn->prepare("UPDATE users SET password=:password WHERE email=:email"); // changed here 
     $stmt->execute(array(":password"=>$password,":email"=>$email)); 
     $userRow2=$stmt->rowCount(); 
    } 
} 

if(!empty($error)){ 
    $i = '0'; 
    while($i < count($error)){ 
     echo "$error[$i]"; 
     $i ++; 
    } 
}

来源

2015-11-06 12:49:39

1

检查该行

$stmt=$conn("UPDATE users SET password=:password WHERE email-:email"); 
                  ^// this should be equals.

来源

2015-11-06 12:28:20

+0

谢谢我错过了这一点,但它并没有解决我害怕的问题。 –

+0

@SaucedApples,在你的问题中标记错误行。 –

+0

OP应该RTM http://php.net/manual/en/pdo.prepared-statements.php他们在你显示的错误方法中做错了。我可以提出一个答案,但我会让你们解决这个问题。 –

相关问题

 相关问题