1. 首页
  2. 问答
  3. 忘记密码功能不工作,SQL,PHP

忘记密码功能不工作,SQL,PHP

2014-11-25 43 views
0

不知道发生了什么,但它突然停止工作... 我可以输入电子邮件和用户名(我知道凭据是正确的),并得到消息,它不会找到任何匹配的细节...忘记密码功能不工作,SQL,PHP

forgotpassword.php的内容:

<?php 
require_once("users.inc"); 

$PAGE_TITLE = "Forgotten Password"; 

include $PHP_USERS_HEADER_FILE; 

?> 

<h3>Forgot Your Password?</h3> 

<p>If you've forgotten your password, just enter the username and email address that you registered with, and your password will be emailed to you immediately.</p> 



<form method="post" action="emailpassword.php"> 
    <p><b>Your Username: </b> 
    <input type="text" name="username" size="35" /> 
    </p><p> 
    <b>Your Email Address: </b> 
    <input type="text" name="email" size="35" /> 
    </p> 
    <input type=submit value="Submit" /> 
</form>

emailpassword.php的内容:

<?php 
require_once("users.inc"); 

$PAGE_TITLE = "Forgotten Password"; 

connect_to_users_db(); 

$password = fnRandomPassword(8); 
$encrypt_pwd = md5($password); 

$sql = "UPDATE users SET password='$encrypt_pwd' WHERE email='".$_REQUEST['email']."' AND username='".$_REQUEST['username']."'"; 
$query = mysql_query($sql); 

$sql1 = "SELECT email, username, password FROM users WHERE email='".$_REQUEST['email']."' AND username='".$_REQUEST['username']."'"; 
$query1 = mysql_query($sql1); 
if ($query1 && (mysql_num_rows($query1) > 0)) { 

    while (list($email,$username) = mysql_fetch_row($query1)) { 
    mail($email, "Your Password", "Below is the username and password information you requested.\n\nUsername: '$username'\nPassword: '$password'.\n\n","From: $WEB_MASTER <$WEB_MASTER_EMAIL>\n"); 

} 
} 


include $PHP_USERS_HEADER_FILE; 

?> 

<h3>Forgot Your Password?</h3> 

<? 

echo "<p>"; 

//if ($query && mysql_num_rows($query) > 0) { 
if (mysql_affected_rows() > 0) { 

?> 

<p>We've emailed your password. You should receive it within a minute. If you don't, please send mail to the <a href="mailto:<?=$WEB_MASTER_EMAIL?>"><?=$WEB_MASTER?></a>.</p> 

<?php 

} else { 

?> 

<p>We could not find an email and username corresponding with the email address and username you entered. Perhaps you registered with a different email address/username. Use the form below to try again.</p> 



<form method="post" action="emailpassword.php"> 
    <p><b>Your Username: </b> 
    <input type="text" name="username" size="35" /> 
    </p><p> 
    <b>Your Email Address:</b> 
    <input type="text" name="email" size="35" /> 
    </p> 
    <input type="submit" value="Submit" /> 
</form> 


<p>If you believe you have not registered before, you are welcome to sign up now with the following form:</br> 
     <?php include 'fragments/requestaccont.htm';?> 

<?php 

} 

?>

有一些过时的鳕鱼在这里或什么?

来源

2014-11-25 Milla

+1

容易受到sql注入,使用旧的mysql_。所以是过时的和危险的。应该更新到新的东西pdo等。但要调试即时问题。打印出生成的sql并手动运行以与数据库进行比较。这可能会增加一些额外的字符/空格。 – Doon 2014-11-25 13:46:33

+0

'mysql_ *'函数从PHP 5.5开始已被弃用。你可能想使用'mysqli'或'PDO'。至于你的问题;你的代码是否抛出任何异常或显示任何错误? – 2014-11-25 13:46:34

+0

你们需要说noob语言,所以我明白了:P 我不会收到任何错误,除了它不会工作的部分,只是给用户“我们找不到与电子邮件地址相对应的电子邮件和用户名...” 所以,如果有一个解决方案,只是使它现在工作,它会帮助我,直到我想到如何改变它:P – Milla 2014-11-25 13:48:29

回答

0

它停止工作,因为您更改了检查查询的行。现在,它将通过电子邮件发送新密码并显示“未找到”消息。

您正在使用mysql_affected_rows(),但最后一个查询是一个不影响行的SELECT查询。更改行:

if (mysql_affected_rows() > 0) {

进入这一行:

if ($query1 && (mysql_num_rows($query1) > 0)) {

也听遁,mysql_*已被弃用。

来源

2014-11-25 14:30:07

相关问题

 相关问题