0
這是提交按鈕被觸發時的2個表單和2個操作。第一種形式要求帳戶名稱並檢查驗證碼是否正確。當兩者都沒有問題時,用戶就會轉到下一個表格,詢問他2個問題,以便他可以找回他的密碼。代碼執行正常,但我有一個問題。當一切正常時:帳戶存在,驗證碼正常,兩個問題都可以,當用戶點擊第二個表單提交按鈕時,第一個動作的else語句再次執行,但表單連續正常,他得到了他的密碼e郵件。任何幫助將appriciated :)即使滿足條件,也執行其他語句
if ('POST' === $_SERVER['REQUEST_METHOD']){
if($_POST['lostpassword']=='account' AND ($_POST["captcha"])&&$_POST["captcha"]!=""&&$_SESSION["code"]==$_POST["captcha"]) {
connectdb($CONFIG['dbdbname'], $CONFIG['dbaddress'], $CONFIG['dbuser'], $CONFIG['dbpass']);
$postusername = $_POST['account'];
$postusername = antiinjection($postusername);
$result = mssql_query (sprintf(SELECT_USER_FULLINFO, $postusername));
$rows=mssql_num_rows($result);
if($rows>0) {
$rows=mssql_fetch_assoc($result);
extract($rows);
$error = 2;
} else {
echo "Account doesn't exist.<br>";
$error = 1;
}
}
else {
echo '<script language="JavaScript">
alert("Wrong Verification code. Please try again.");
</script>';
}
}
形式:
<form name='lostpassword' action='index.php?page=lostpassword' method='post' onsubmit='return checkform1()' autocomplete='off'>
<table CELLSPACING=0 BORDER=0 CELLPADDING=0 align=CENTER>
<tr>
<td width=200>
Account
</td>
<td>
<div align=right>
<input type=text maxlength=14 name=account>
</div>
</td>
</tr>
<tr>
<td valign=middle>
Verification Image <img src=\"captcha.php\">
</td>
<td>
<div align=right>
<input type=text maxlength=4 name=captcha>
</div>
</td>
</tr>
</table>
<div align=center>
<BR>
<input type=hidden name=lostpassword value='account'>
<input type=submit name=Login value=' Submit '>
</div>
</form>
Nexti操作:
if($_POST['lostpassword']=='email') {
$error = 3;
$postusername = $_POST['account'];
$postanswer1 = $_POST['answer1'];
$postanswer2 = $_POST['answer2'];
$postusername = antiinjection($postusername);
$postanswer1 = antiinjection($postanswer1);
$postanswer2 = antiinjection($postanswer2);
connectdb($CONFIG['dbdbname'], $CONFIG['dbaddress'], $CONFIG['dbuser'], $CONFIG['dbpass']);
$result = mssql_query (sprintf(SELECT_USER_FULLINFO, $postusername));
$rows=mssql_num_rows($result);
if($rows>0) {
$rows=mssql_fetch_assoc($result);
extract($rows);
$postanswer1 = encrypt($postanswer1);
$postanswer2 = encrypt($postanswer2);
$answer1 = '0x' . substr(bin2hex($answer1), 0, 32);
$answer2 = '0x' . substr(bin2hex($answer2), 0, 32);
if($answer1!=$postanswer1) {
echo "Answer to security question #1 is incorrect.<br>";
$error = 2;
}
if($answer2!=$postanswer2) {
echo "Answer to security question #2 is incorrect.<br>";
$error = 2;
}
} else {
echo "Account doesn't exist.<br>";
$error = 1;
}
}
構成了本次行動:
<form name='lostpassword' action='index.php?page=lostpassword' method='post' onsubmit='return checkform2()' autocomplete='off'>
<table CELLSPACING=0 BORDER=0 CELLPADDING=0 align=CENTER>
<tr>
<td width=200>
Security Question #1
</td>
<td>
<div align=right>
{$quiz1}
</div>
</td>
</tr>
<tr>
<td>
Security Answer #1
</td>
<td>
<div align=right>
<input type=text maxlength=32 name=answer1>
</div>
</td>
</tr>
<tr>
<td>
Security Question #2
</td>
<td>
<div align=right>
{$quiz2}
</div>
</td>
</tr>
<tr>
<td>
Security Answer #2
</td>
<td>
<div align=right>
<input type=text maxlength=32 name=answer2>
</div>
</td>
</tr>
</table>
<div align=center>
<BR>
<input type=hidden name=lostpassword value='email'>
<input type=hidden name=account value='{$postusername}'>
<input type=submit name=Login value=' Submit '>
</div>
</form>
電子郵件代碼:
if($error==3) {
$newpassword = mt_rand(1000000,9999999);
$newpassword = md5($newpassword);
$newpassword = substr($newpassword, 0, 15);
$encnewpassword = encrypt($newpassword);
echo '<br>';
mssql_query(sprintf(UPDATE_PASSWORD, $encnewpassword, $account));
if($CONFIG['email']==0) {
echo "<strong>Your password has been reseted to...</strong><br>{$newpassword}<br><br>";
} elseif($CONFIG['email']==1) {
sendemail($CONFIG['emailsmtp'], $CONFIG['emailuser'], $CONFIG['emailpass'], $CONFIG['emailaddress'], $CONFIG['servername'], "Lost Password", $email, $account, $newpassword, $ssn, "<strong>Your password has been reseted and sent to your email.</strong>");
}
}
您是否需要包含整個網站? –
我很累看這個:( – Sahal
把完整的帖子文件作爲連續代碼 –