我有两个表,分别称为“members”和“password_reset”。我有一个表单(request-password.php),用户可以通过填写电子邮件来重置密码。当他们填写表单时,带有 token 的链接已发送到用户电子邮件。 token 存储在“password_reset”表中,所有用户信息存储在“members”表中
当用户单击电子邮件中的链接时,他将被重定向到reset-password.php页面,他必须在其中输入新密码并再次填写以确认。单击提交按钮后,页面将重定向到 update-password.php。这是包含将新密码更新到数据库的代码的页面。然而,在页面能够更新数据库之前,它必须检查用户输入的密码是否等于confirmpwd。另外,电子邮件和分配的 token 是否有效。如果输入的密码相同且 token 存在,则应更新该特定用户的用户记录。
我的问题:如何获取 update-password.php 文件来检查电子邮件和分配的 token 是否有效,以便可以更新具有该电子邮件的用户的用户记录? 电子邮件存储在“members”表中, token 存储在“password_reset”中。我不知道如何链接它们。
这是我的reset-password.php 文件
if (isset($_GET['token'])) {
$uniqid = htmlentities( $_GET['token'] );
$result = mysqli_query($mysqli,"SELECT * FROM password_reset WHERE token = '".$uniqid."' ");
if ( mysqli_num_rows($result) > 0 ) {
$row = mysqli_fetch_array($result);
//Check Geldigheid token
$geldig = 7200;
if ( time()- intval( $row['tstamp'] ) > $geldig) {
//TOKEN HAS EXPIRED AND SUBMIT BUTTON HAS BEEN DISABLED
echo "
<!DOCTYPE html>
<html>
<head>
<title>Wachtwoord Resetten</title>
<link rel='stylesheet' href='../../css/reset-wachtwoord.css' />
<script type='text/JavaScript' src='../../js/sha512.js'></script>
<script type='text/JavaScript' src='../../js/forms.js'></script>
</head>
<body>
<div id='container'>
<div class='logo'></div>
<div class='ww-vergeten-form'>
<form action='' method=''>
<input type='password' name='password' id='password' placeholder='Nieuw Wachtwoord' size='50' maxlength='0'>
<input type='password' name='confirmpwd' id='password' placeholder='Herhaal Wachtwoord' size='50' maxlength='0'>
<input type='submit' class='reset-btn disabled' name='' value='Reset Wachtwoord' disabled></p>
</form>
<p class='error'>Sessie Verlopen. <a href='index.php'>Vraag een nieuwe aan</a>.</p>
</div>
</div>
</body>
</html>
";
} else {
//TOKEN IS STILL VALID
echo "
<!DOCTYPE html>
<html>
<head>
<title>Wachtwoord Resetten</title>
<link rel='stylesheet' href='../../css/reset-wachtwoord.css' />
<script type='text/JavaScript' src='../../js/sha512.js'></script>
<script type='text/JavaScript' src='../../js/forms.js'></script>
</head>
<body>
<div id='container'>
<div class='logo'></div>
<div class='ww-vergeten-form'>
<form action='password-changed.php' method='post'>
<input type='password' name='password' id='password' placeholder='Nieuw Wachtwoord' size='50' maxlength='255'>
<input type='password' name='confirmpwd' id='password' placeholder='Herhaal Wachtwoord' size='50' maxlength='255'>
<input type='submit' class='reset-btn' name='update' value='Reset Wachtwoord'></p>
</form>
<p class='nieuw-account'>Nog geen account? <a href='../../'>Maak er een aan</a>!</p>
</div>
</div>
</body>
</html>
";
}
}else{
echo "<p class='error'>Token incorrect</p>";
}
}
更新EEEEEEEEEE! *@Chancho* - 好吧,我已将 send-email.php 中的网址更新为:
$url = "DOMAIN.COM/reset-password/reset.php?email=".$email."#token=".$uniqid;
现在该网址无法打开网页,因为我需要获取 $email,但由于它与 token 位于不同的表中,我该如何获取它?
类似这样的吗?:
if (isset($_GET['token'])) {
$uniqid = htmlentities( $_GET['token'] );
$email = htmlentities( $_GET['email'] );
$result = mysqli_query($mysqli,"SELECT * FROM password_reset WHERE token = '".$uniqid."' ");
$result2 = mysqli_query($mysqli,"SELECT * FROM members WHERE email = '".$email."' ");
if ( mysqli_num_rows($result) > 0 ) {
$row = mysqli_fetch_array($result,$result2);
}
}
最佳答案
您可以在电子邮件地址和 token ID 之间建立关联:
- 用户在他/她的邮箱中收到 token
- 用户点击链接并在网页中输入电子邮件地址
reset-password.php(未经测试的代码):
$token = $_GET['token'];
$email = $_GET['email'];
//Don't forget to escape your query parameters
$token = $mysqli->real_escape_string($token);
$email = $mysqli->real_escape_string($email);
$result = mysqli_query($mysqli->query("SELECT * FROM password_reset WHERE token = '$token' AND email = '$email'"));
if(mysqli_num_rows($result) > 0 )
{
//user verified, update usertable
}
else
{
//token or email invalid, show error to user
}
关于php - 检查有效 token 以更新密码,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20754094/