2015-11-06 178 views
-2

我一直在重寫舊密碼重設以幫助學習PHP。PHP密碼重置

我想知道是否有一些部分我應該續訂,因爲它仍然會出現錯誤。

if(isset($_POST['reset'])){ 
    $email = $_POST['email']; 

    $stmt=$conn->prepare("SELECT email FROM users WHERE email=:email"); 
    $stmt->execute(array("email"=>$email)); 
    $userRow=$stmt->fetchColumn(); 

    if($userRow == '0'){ 
     $error[] = 'Sorry, we cannot find your account details. Please try another email address.'; 
    }else{ 
     $stmt=$conn->prepare("SELECT lname FROM users WHERE email=:email"); 
     $stmt->execute(array(":email"=>$email)); 
     $userRow1=$stmt->fetch(PDO::FETCH_ASSOC); 

     //$userRow = PDO::FETCH_ASSOC($stmt); 
     $password = substr(md5(uniqid(rand(),1)),3,10); 
     $pass = md5($password); 

     $to = "$email"; 
     $subject = "ClientCheck Account Recovery"; 
     $body = "Hi, $userRow1 \n\n Your password has been reset. \n\n Your password now is: $password \n\n Kind regards\n ClientCheck"; 

     $additionalheaders = "From: <[email protected]>"; 
     $additionalheaders .= "Reply-To: [email protected]"; 

     $stmt=$conn("UPDATE users SET password=:password WHERE email-:email"); 
     $stmt->execute(array(":password"=>$password,":email"=>$email)); 
     $userRow2=$stmt->rowCount(); 
    } 
} 

if(!empty($error)){ 
    $i = '0'; 
    while($i < count($error)){ 
     echo "$error[$i]"; 
     $i ++; 
    } 
} 

Notice: Array to string conversion in /forgottenpassword.php on line 31
Fatal error: Function name must be a string in /forgottenpassword.php on line 36

我知道有發送的復位密碼

是不是在安全性方面的最好的一步,但是,我想獲得它的權利在這個水平,然後繼續前進,以更安全的解除方法。

+0

咳'$ stmt = $ conn-> prepare(' - 看看你的其他查詢;-) RTM http://php.net/manual/en/pdo.prepared-statements.php –

+0

請不要使用MD5。您正在使用準備好的語句的PDO。比MD5有更安全的功能。 –

+0

@Fred:PDO不是散列的替代品。 – symcbean

回答

1

兩行必須被校正,一個在變量$體是從PDO的結果陣列,並且其中在製備語句的行:

<?php 
if(isset($_POST['reset'])){ 
    $email = $_POST['email']; 

    $stmt=$conn->prepare("SELECT email FROM users WHERE email=:email"); 
    $stmt->execute(array("email"=>$email)); 
    $userRow=$stmt->fetchColumn(); 

    if($userRow == '0'){ 
     $error[] = 'Sorry, we cannot find your account details. Please try another email address.'; 
    }else{ 
     $stmt=$conn->prepare("SELECT lname FROM users WHERE email=:email"); 
     $stmt->execute(array(":email"=>$email)); 
     $userRow1=$stmt->fetch(PDO::FETCH_ASSOC); 

     //$userRow = PDO::FETCH_ASSOC($stmt); 
     $password = substr(md5(uniqid(rand(),1)),3,10); 
     $pass = md5($password); 

     $to = "$email"; 
     $subject = "ClientCheck Account Recovery"; 
     $body = "Hi, ".$userRow1['username']."\n\n Your password has been reset. \n\n Your password now is: $password \n\n Kind regards\n ClientCheck"; // changed here 

     $additionalheaders = "From: <[email protected]>"; 
     $additionalheaders .= "Reply-To: [email protected]"; 

     $stmt=$conn->prepare("UPDATE users SET password=:password WHERE email=:email"); // changed here 
     $stmt->execute(array(":password"=>$password,":email"=>$email)); 
     $userRow2=$stmt->rowCount(); 
    } 
} 

if(!empty($error)){ 
    $i = '0'; 
    while($i < count($error)){ 
     echo "$error[$i]"; 
     $i ++; 
    } 
} 
1

檢查該行

$stmt=$conn("UPDATE users SET password=:password WHERE email-:email"); 
                  ^// this should be equals. 
+0

謝謝我錯過了這一點,但它並沒有解決我害怕的問題。 –

+0

@SaucedApples,在你的問題中標記錯誤行。 –

+0

OP應該RTM http://php.net/manual/en/pdo.prepared-statements.php他們在你顯示的錯誤方法中做錯了。我可以提出一個答案,但我會讓你們解決這個問題。 –