我一直在重寫舊密碼重設以幫助學習PHP。PHP密碼重置
我想知道是否有一些部分我應該續訂,因爲它仍然會出現錯誤。
if(isset($_POST['reset'])){
$email = $_POST['email'];
$stmt=$conn->prepare("SELECT email FROM users WHERE email=:email");
$stmt->execute(array("email"=>$email));
$userRow=$stmt->fetchColumn();
if($userRow == '0'){
$error[] = 'Sorry, we cannot find your account details. Please try another email address.';
}else{
$stmt=$conn->prepare("SELECT lname FROM users WHERE email=:email");
$stmt->execute(array(":email"=>$email));
$userRow1=$stmt->fetch(PDO::FETCH_ASSOC);
//$userRow = PDO::FETCH_ASSOC($stmt);
$password = substr(md5(uniqid(rand(),1)),3,10);
$pass = md5($password);
$to = "$email";
$subject = "ClientCheck Account Recovery";
$body = "Hi, $userRow1 \n\n Your password has been reset. \n\n Your password now is: $password \n\n Kind regards\n ClientCheck";
$additionalheaders = "From: <[email protected]>";
$additionalheaders .= "Reply-To: [email protected]";
$stmt=$conn("UPDATE users SET password=:password WHERE email-:email");
$stmt->execute(array(":password"=>$password,":email"=>$email));
$userRow2=$stmt->rowCount();
}
}
if(!empty($error)){
$i = '0';
while($i < count($error)){
echo "$error[$i]";
$i ++;
}
}
我知道有發送的復位密碼Notice: Array to string conversion in /forgottenpassword.php on line 31
Fatal error: Function name must be a string in /forgottenpassword.php on line 36
是不是在安全性方面的最好的一步,但是,我想獲得它的權利在這個水平,然後繼續前進,以更安全的解除方法。
咳'$ stmt = $ conn-> prepare(' - 看看你的其他查詢;-) RTM http://php.net/manual/en/pdo.prepared-statements.php –
請不要使用MD5。您正在使用準備好的語句的PDO。比MD5有更安全的功能。 –
@Fred:PDO不是散列的替代品。 – symcbean