我有两个名为'members'和'password_reset'的表。我有一个表单(request-password.php),用户可以通过填写电子邮件来重置密码。当他们填写表单时,带有令牌的链接已发送到用户电子邮件。令牌存储在'password_reset'表中,并且表'member'中的所有usersinfo都存储在
中当用户点击电子邮件中的链接时,他将被重定向到reset-password.php页面,在那里他必须输入新密码并通过再次填写来确认。单击提交按钮后,页面将重定向到update-password.php。这是包含用于将新密码更新到数据库的代码的页面。但是,在页面能够更新数据库之前,必须检查用户是否输入了等于confirmmpwd的密码。此外,电子邮件和分配的令牌是否有效。如果输入的密码相同且令牌不满,则应更新该特定用户的用户记录。
我的问题:如何获取update-password.php文件以检查电子邮件和分配的令牌是否有效,以便可以更新具有该电子邮件的用户的用户记录? 电子邮件存储在“members”表中,令牌存储在“password_reset”中。我不知道如何链接它们。
这是我的reset-password.php文件
if (isset($_GET['token'])) {
$uniqid = htmlentities( $_GET['token'] );
$result = mysqli_query($mysqli,"SELECT * FROM password_reset WHERE token = '".$uniqid."' ");
if ( mysqli_num_rows($result) > 0 ) {
$row = mysqli_fetch_array($result);
//Check Geldigheid token
$geldig = 7200;
if ( time()- intval( $row['tstamp'] ) > $geldig) {
//TOKEN HAS EXPIRED AND SUBMIT BUTTON HAS BEEN DISABLED
echo "
<!DOCTYPE html>
<html>
<head>
<title>Wachtwoord Resetten</title>
<link rel='stylesheet' href='../../css/reset-wachtwoord.css' />
<script type='text/JavaScript' src='../../js/sha512.js'></script>
<script type='text/JavaScript' src='../../js/forms.js'></script>
</head>
<body>
<div id='container'>
<div class='logo'></div>
<div class='ww-vergeten-form'>
<form action='' method=''>
<input type='password' name='password' id='password' placeholder='Nieuw Wachtwoord' size='50' maxlength='0'>
<input type='password' name='confirmpwd' id='password' placeholder='Herhaal Wachtwoord' size='50' maxlength='0'>
<input type='submit' class='reset-btn disabled' name='' value='Reset Wachtwoord' disabled></p>
</form>
<p class='error'>Sessie Verlopen. <a href='index.php'>Vraag een nieuwe aan</a>.</p>
</div>
</div>
</body>
</html>
";
} else {
//TOKEN IS STILL VALID
echo "
<!DOCTYPE html>
<html>
<head>
<title>Wachtwoord Resetten</title>
<link rel='stylesheet' href='../../css/reset-wachtwoord.css' />
<script type='text/JavaScript' src='../../js/sha512.js'></script>
<script type='text/JavaScript' src='../../js/forms.js'></script>
</head>
<body>
<div id='container'>
<div class='logo'></div>
<div class='ww-vergeten-form'>
<form action='password-changed.php' method='post'>
<input type='password' name='password' id='password' placeholder='Nieuw Wachtwoord' size='50' maxlength='255'>
<input type='password' name='confirmpwd' id='password' placeholder='Herhaal Wachtwoord' size='50' maxlength='255'>
<input type='submit' class='reset-btn' name='update' value='Reset Wachtwoord'></p>
</form>
<p class='nieuw-account'>Nog geen account? <a href='../../'>Maak er een aan</a>!</p>
</div>
</div>
</body>
</html>
";
}
}else{
echo "<p class='error'>Token incorrect</p>";
}
}
UPDATEEEEEEEEEEE! * @Chancho * - 好吧我已将send-email.php中的我的网址更新为:
$url = "DOMAIN.COM/reset-password/reset.php?email=".$email."#token=".$uniqid;
现在网址没有打开网页,因为我需要获取$ email,但由于它与令牌位于不同的表中,我该如何获取?
这样的东西?:
if (isset($_GET['token'])) {
$uniqid = htmlentities( $_GET['token'] );
$email = htmlentities( $_GET['email'] );
$result = mysqli_query($mysqli,"SELECT * FROM password_reset WHERE token = '".$uniqid."' ");
$result2 = mysqli_query($mysqli,"SELECT * FROM members WHERE email = '".$email."' ");
if ( mysqli_num_rows($result) > 0 ) {
$row = mysqli_fetch_array($result,$result2);
}
}
答案 0 :(得分:0)
您可以在电子邮件地址和令牌ID之间进行关联:
reset-password.php(未经测试的代码):
$token = $_GET['token'];
$email = $_GET['email'];
//Don't forget to escape your query parameters
$token = $mysqli->real_escape_string($token);
$email = $mysqli->real_escape_string($email);
$result = mysqli_query($mysqli->query("SELECT * FROM password_reset WHERE token = '$token' AND email = '$email'"));
if(mysqli_num_rows($result) > 0 )
{
//user verified, update usertable
}
else
{
//token or email invalid, show error to user
}