即使一切正常也会出错

cxfofazt  于 2021-06-20  发布在  Mysql
关注(0)|答案(1)|浏览(350)

我在php登录系统中使用了以下忘记密码的代码,但后来仍然出现错误用户名或密码不正确。文件是forgotpassword.php。现在我得到的最后一个错误用户名或电子邮件不正确,但我的输入是正确的,并把根据mysql表信息。这是我的code:-(在托管服务器上,因此隐藏了一些信息)。

session_start();
 require_once 'Phpmailer/PHPMailerAutoload.php';

if (isset($_SESSION['id'])) {
header('Location: user.php');
die();
}

else {

if($_POST['submit']) {

   $username = strip_tags($_POST['username']);
   $uemail = strip_tags($_POST['email']);
   $db = mysqli_connect("localhost", "username", "password", "thedb") or die ("Failed to connect");
   $sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";
   $query = mysqli_query($db, $sql);
   if($query) {
        $row = mysqli_fetch_row($query);
        $dbUserName = $row[1];
        $dbUserId = $row[0];
        $dbEmail = $row[4];

   }
   if($username == $dbUserName && $uemail == $dbEmail) {
       $_SESSION['username'] = $username;
       $_SESSION['id'] = $id;
       $token = rand(10);
       $db->query("UPDATE members SET token='$token' WHERE id='id'");
       $url = "https://www.example.net/resetpass?token=$token" ;
       $mail = new PHPMailer(true);                              // Passing 
`true` enables exceptions
try {
//Server settings
$mail->isSMTP();                                      // Set mailer to use 
SMTP
$mail->Host = 'example.net';                           // Specify main and 
backup SMTP servers
$mail->SMTPAuth = true;                               // Enable SMTP 
authentication
$mail->Username = 'members@example.net';                 // SMTP username
$mail->Password = 'password';                           // SMTP password
$mail->SMTPSecure = 'ssl';                            // Enable TLS 
encryption, `ssl` also accepted
$mail->Port = 465;                                    // TCP port to connect 
to

//Recipients
$mail->setFrom('members@example.net', 'example');
$mail->addAddress('$uemail');     // Add a recipient

//Content
$mail->isHTML(true);                                  // Set email format to HTML
$mail->Subject = 'Reset Password Request';
$mail->Body    = 'We recieved an request for resseting password for user $username, please click the following link for resetting password $url';
//$mail->AltBody = 'This is the body in plain text for non-HTML mail clients';

$mail->send();
$suc =  'Message has been sent';
} catch (Exception $e) {
$err =  'Message could not be sent.';

}

       $reset_passwordsuc = "<b><i>Instructions sent to user email.</i><b>";
     }
   else {
      $reset_password = "<b><i>Username or Email Incorrect</i><b>";

   }
}
}

?>

最后我得到的用户名或电子邮件不正确。请帮忙

mysqlphpforgot-password

1条答案

按热度按时间
cld4siwp

cld4siwp1#

你必须改变验证用户名和电子邮件的方式。请使用以下修改。
更改:

$sql = "SELECT id,username,password FROM members where username = '$username' LIMIT 1";

收件人:

$sql = "SELECT id,username,password, email FROM members WHERE email LIKE '$uemail' AND username = '$username' LIMIT 1";

更改:

if($username == $dbUserName && $uemail == $dbEmail) {

收件人:

if(mysqli_num_rows($query) == 1) {

要使令牌部分工作,请执行以下修改。
更改:

$_SESSION['id'] = $id;

收件人:

$_SESSION['id'] = $dbUserId;

更改:

$db->query("UPDATE members SET token='$token' WHERE id='id'");

收件人:

mysqli_query($db, "UPDATE members SET token='$token' WHERE id='$dbUserId'");

ps:您可能想使用准备好的语句来防止sql注入攻击。

赞(0)分享  回复(0)举报  2021-06-20
我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com