2
我有一個小規模應用程序,允許管理員重置密碼。我現在擁有它,以便管理員輸入他們的電子郵件地址,並生成隨機密鑰並通過電子郵件發送給他們。隨機密鑰也存儲在用戶的數據庫中。該電子郵件還包含指向表單的鏈接,用戶可以通過輸入用戶名和發送給他們的代碼來重置密碼。通過表單和唯一代碼重置密碼
下面是重置密碼錶單:
<h1>Reset Your Password</h1>
<form id="reset" name="reset" method="post" action="reset-admin-password-exec.php">
<table width="365" height="147" border="0" cellpadding="0" cellspacing="5">
<tr>
<td width="144">Username: </td>
<td><input name="username" type="text" class="textfield" id="username" /></td>
</tr>
<tr>
<td>Code: </td>
<td><input name="code" type="text" class="textfield" id="code" /></td>
</tr>
<tr>
<td>New Password: </td>
<td><input name="password" type="password" class="textfield" id="code" /></td>
</tr>
<tr>
<td>Confirm Password: </td>
<td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
</tr>
<tr>
<td><input type="submit" name="Submit" value="Reset" /></td>
</tr>
</table>
</form>
這裏是處理代碼重置管理員密碼,exec.php文件:
<?
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
$str = @trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
//check for validation errors
if (isset ($_POST['username']) && !empty ($_POST['username'])) {
$username = clean($_POST['username']);
} else {
$errmsg_arr[] = 'username do not match';
$errflag = true;
}
if (isset ($_POST['code']) && !empty ($_POST['code'])) {
$code = clean($_POST['code']);
} else {
$errmsg_arr[] = 'code do not match';
$errflag = true;
}
if (isset ($_POST['password']) && !empty ($_POST['password'])) {
$password = clean($_POST['password']);
} else {
$errmsg_arr[] = 'first do not match';
$errflag = true;
}
if (isset ($_POST['cpassword']) && !empty ($_POST['cpassword'])) {
$cpassword = clean($_POST['cpassword']);
} else {
$errmsg_arr[] = 'second do not match';
$errflag = true;
}
//Check that both password match
if(strcmp($password, $cpassword) != 0) {
$errmsg_arr[] = 'Passwords do not match';
$errflag = true;
}
//encrypt the password
$salt1 = md5($username);
$salt2 = md5(DB_PASSWORD);
$password = sha1($salt1.$password.$salt2);
//if there are input validations redirect back to main page
if($errflag) {
$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
session_write_close();
header("location: reset-admin-password-form.php");
exit();
}
$qry = " UPDATE admins
SET password = '$password'
WHERE randkey = '$code'
AND username = '$username'";
$result = mysql_query($qry);
if($result) {
echo $result;
//header("location: reset-admin-password-success.php");
exit();
}else {
die(mysql_error());
}
?>
我的所有驗證工作,並且如果任何字段爲空或密碼不匹配,它將重定向。但是,如果code字段與我的表中的randkey字段不匹配,該查詢仍然可以正常工作。我曾嘗試將randkeys作爲字段來確保它失敗。
當我回聲出$qry我得到這個:UPDATE admins SET password = 'b978ac7c458d65ca31c02eb4e7dabd9aa6a8e235' WHERE randkey = 'CHLVQ6vfq' AND username = 'user.name'
誰能幫我這個?
要注意的是通過電子郵件發送的代碼是密碼當量和也應該被哈希和鹽漬。 – eggyal
另外,正如在['mysql_query()'](http://php.net/manual/en/function.mysql-query.php)函數的PHP手冊中所述:*不推薦使用此擴展名。相反,[MySQLi](http://www.php.net/manual/en/book.mysqli.php)或[PDO_MySQL](http://www.php.net/manual/en/ref.pdo-應該使用mysql.php)擴展名。另請參見[MySQL:選擇API](http://www.php.net/manual/en/mysqlinfo.api.choosing.php)指南和[相關FAQ](http://www.php.net/manual * – eggyal
但是,在使用古老的'mysql_ *'擴展名時,應該測試['mysql_affected_rows()'](http ://www.php.net/manual/en/function.mysql-affected-rows.php),因爲即使沒有行匹配,'mysql_query()'也會成功('UPDATE'命令中沒有錯誤)。 – eggyal