忘记密码脚本PHP mysqli数据库 [英] Forgot Password Script PHP mysqli database

问题描述

我正在尝试制作忘记密码的脚本并成功完成，但是我遇到了一个问题.在forgot.php中，当用户输入电子邮件时，脚本会检查数据库中的电子邮件是否匹配，然后它将激活代码保存在数据库中，并将激活代码发送到他的电子邮件地址.

Hi I am trying to make forgot password script and successfully completed but I am getting one problem. In forgot.php When user enter email, script checks the email in database if it's matching then it will save activation code in database and also sends the activation code to his email address.

在接收到电子邮件后，单击链接，他将需要他在resetpass.php中重设密码表格，它首先检查激活码是否与数据库中的密码匹配，如果是，则用户将输入新密码，然后它将重置他的密码，但问题是密码没有更改，谁输入了他的电子邮件，它更改了其他人的密码:D.我不知道该脚本出了什么问题

After receiving email click on the link and it will take him to reset password form in resetpass.php first it checks that if activation code is matching with the code in database if it is then user will enter his new password and it will reset his password but problem is that the password is not changing who has entered his email it change the password of other person :D . I don't know what's going wrong in this script

Forgot.php

<?php 
error_reporting(0);
if($_POST['submit']=='Send')
{
//keep it inside
$email=$_POST['email'];
$code = $_GET['activation_code'];
$con=mysqli_connect("Localhost","root","123","user");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
$query = mysqli_query($con,"select * from login where user_email='$email'")
or die(mysqli_error($con)); 

 if (mysqli_num_rows ($query)==1) 
 {
$code=rand(100,999);
$message="You activation link is: http://bing.fun2pk.com/resetpass.php?email=$email&code=$code";
mail($email, "ZatWing", $message);
echo 'Email sent';
$query2 = mysqli_query($con,"update login set activation_code='$code' where user_email='$email' ")
or die(mysqli_error($con)); 
}
else
{
echo 'No user exist with this email id';

}}

?>
<form action="forgot.php" method="post">
Enter you email ID: <input type="text" name="email">
<input type="submit" name="submit" value="Send">
</form>

resetpass.php

<?php
if(isset($_GET['code'])) {

    $acode = $_GET['code'];}
    echo $acode;

if(isset($_POST['pass'])){
    $pass = $_POST['pass'];


$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con)); 

 if (mysqli_num_rows ($query)==1) 
{



$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con)); 

echo 'Password Changed';
}
else
{
echo 'Wrong CODE';

}}

?>

    <form action="resetpass.php" method="POST">
    <p>New Password:</p><input type="password" name="pass" />
    <input type="submit"  name="submit" value="Signup!" />
    </form>

推荐答案

我在resetpass.php

您首先必须使用$_GET['code']获取激活码并将其存储在

You'l first have to use $_GET['code'] to get your activation code and store in a hidden field of

这是经过修改的代码，应该可以正常工作.

here is modified code, that should work.

<?php

if(isset($_POST['pass'])){
$pass = $_POST['pass'];
$acode=$_POST['code'];

$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con)); 

if (mysqli_num_rows ($query)==1) 
{
$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con)); 

echo 'Password Changed';
}
else
{
echo 'Wrong CODE';
}
}
?>

<form action="resetpass.php" method="POST">
<p>New Password:</p><input type="password" name="pass" />
<input type="submit"  name="submit" value="Signup!" />
<input type="hidden" name="code" value="<?php echo $_GET['code'];?>" />
</form>

这篇关于忘记密码脚本PHP mysqli数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！