1. 首頁
  2. 問答
  3. MySQL數據庫沒有更新

MySQL數據庫沒有更新

2013-02-05 171 views
0

(請忽略的事實是MD5是不是最安全,mysql_ *功能已經過時等等 - !這不是在任何網站上線)MySQL數據庫沒有更新

所以,我目前有一個系統,用戶可以進入恢復密碼頁面並輸入他們的電子郵件。它向他們發送一封帶有鏈接的郵件來恢復他們的密碼。此鏈接如下:

http://www.example.com/recover_password.php?username=(USERNAME這裏)& recover_password =(代碼在這裏)。

這些代碼在註冊時隨機生成,並且在數據庫中正常存儲。但是,我試圖讓他們從上面的鏈接改變它有問題。這是recover_password.php頁:

<?php 
include 'core/init.php'; 

$username = (isset($_GET['username'])); 
$password_recovery = (isset($_GET['password_recovery'])); 

if (isset($_GET['success']) && empty($_GET['success'])) { 
    echo 'Your password has been changed. You may now proceed to log in.'; 
    die(); 
} else { 

if (password_recovery_exists($password_recovery) === true && (user_exists($username) === true)) { 
    if (empty($_POST) === false) { 
     $required_fields = array('password', 'password_again'); 
     foreach($_POST as $key=>$value) { 
      if (empty($value) && in_array($key, $required_fields) === true) { 
       $errors[] = 'You missed a field!'; 
       break 1; 
      } 
     } 
      if (trim($_POST['password']) !== trim($_POST['password_again'])) { 
       $errors[] = 'Your new passwords do not match'; 
      } else if (strlen($_POST['password']) < 6) { 
       $errors[] = 'Your password must be at least 6 characters long.'; 
      } 
     } 
     if (empty($_POST) === false && empty($errors) === true) { 
      password_recovery($username, $_POST['password']); 
      header('Location: recover_password.php?success'); 
     } else { 
       echo output_errors($errors); 
     } 
    } 
?> 
<html> 
<head> 
<meta http-equiv="content-type" content="text/html;charset=utf-8"> 
<title>Liste - Login</title> 
<link rel="stylesheet" type="text/css" href="css/style.css"> 
</head> 
<body> 
<form action="" method="post">   
     <label for="password"><b><center>New Password:</label><br > 
     <input type="password" name="password" size="30"><br /> 

     <label for="password_again"><b><center>Re-enter New Password:</label><br > 
     <input type="password" name="password_again" size="30"><br /> 

     <input type="submit" value="Change Password"><br /><br /> 
</form> 
</center> 
</body> 
</html> 

<?php 
} 
?>

首先,主要的問題是,當他們點擊「更改密碼」都顯示錯誤消息,但密碼不更新數據庫,導致我相信有與password_recovery功能的問題:

function password_recovery($username, $password) { 
    $username = sanitize($username); 
    $password = md5($password); 

    mysql_query("UPDATE `users` SET `password` = '$password' WHERE `username` = '$username'");

我不知道是否有與功能還是變量實際上正在發送或有什麼問題,這樣有利於將不勝感激:)

我還想知道什麼是順時針稅收是檢查'username'和'password_recovery'(來自鏈接)是否來自數據庫中的同一行?

我理解這段代碼是一個爛攤子,等過時等,但幫助是極大的讚賞:)

謝謝你們!

來源

2013-02-05 Noth

+0

最小的調試作業,你應該做的是檢查的mysql_query的'的返回值()'調用和'的var_dump()所選的東西像函數參數或生成的SQL代碼。另外,'sanitize()'是一項關鍵任務,但我們不知道如何。 –

+0

'$ username =(isset($ _ GET ['username'])); '將始終返回true或false,而不是用戶名,與$ password相同。請使用PDO或mysqli準備好的語句而不是mysql_ *方法。 –

回答

-1

嘗試類似的東西:

mysql_query("UPDATE `users` SET `password` = '".$password."' WHERE `username` = '".$username."'");

來源

2013-02-05 16:16:55 mrakodol

+0

爲什麼我得到一個減號? – mrakodol

0

這應該工作:

<?php 
include 'core/init.php'; 

function password_recovery($username, $password) { 
    $username = mysql_real_escape_string(sanitize($username)); 
    $password = md5($password); 

    mysql_query("UPDATE `users` SET `password` = '" . $password . "' WHERE `username` = '" . $username . "'"); 
} 

$username = (isset($_SESSION['username']) ? $_SESSION['username'] : false); 
$password_recovery = (isset($_POST['password_recovery']) ? $_POST['password_recovery'] : false); 

if (isset($_GET['success']) && empty($_GET['success'])) { 
    echo 'Your password has been changed. You may now proceed to log in.'; 
    die(); 
} else { 

    if (password_recovery_exists($password_recovery) === true && (user_exists($username) === true)) { 
     if (empty($_POST) === false) { 
      $required_fields = array('password', 'password_again'); 
      foreach ($_POST as $key => $value) { 
       if (empty($value) && in_array($key, $required_fields) === true) { 
        $errors[] = 'You missed a field!'; 
        break 1; 
       } 
      } 
      if (trim($_POST['password']) !== trim($_POST['password_again'])) { 
       $errors[] = 'Your new passwords do not match'; 
      } else if (strlen($_POST['password']) < 6) { 
       $errors[] = 'Your password must be at least 6 characters long.'; 
      } 
     } 
     if (empty($_POST) === false && empty($errors) === true) { 
      password_recovery($username, $_POST['password']); 
      header('Location: recover_password.php?success'); 
     } else { 
      echo output_errors($errors); 
     } 
    } else { 
     die("User not found"); 
    } 
} 
?> 
<html> 
    <head> 
     <meta http-equiv="content-type" content="text/html;charset=utf-8"> 
     <title>Liste - Login</title> 
     <link rel="stylesheet" type="text/css" href="css/style.css"> 
    </head> 
    <body> 
     <form action="" method="post">   
      <label for="password"><b><center>New Password:</label><br > 
         <input type="password" name="password" size="30"><br /> 

         <label for="password_again"><b><center>Re-enter New Password:</label><br > 
            <input type="password" name="password_again" size="30"><br /> 

            <input type="submit" value="Change Password"><br /><br /> 
            </form> 
           </center> 
           </body> 
           </html>

來源

2013-02-05 16:21:33

+0

即使用戶存在,此代碼始終會返回「用戶未找到」。是否從地址欄獲取$ username變量?我是PHP的新手,不確定$ _GET和$ _POST之間的區別是什麼。 – Noth

+0

這使我想起了第二個問題 - 我正在尋找一種方法來驗證$ username和$ password_recovery是否在數據庫中的同一行 - 這樣您需要它們(隨機生成並且不顯示任何地方)$ password_recovery代碼來更改密碼。謝謝雖然 - 它的作品! – Noth

相關問題

 相關問題