它工作,如果我把它像user_id = 3或當我刪除where語句(WHERE user_id =「。$ user ['user_id']。」),但然後我所有的數據庫密碼更改。重置密碼確認無法正常工作?
我用get方法來獲得這樣的 USER_ID = 3 & reset_token = XXXXXXXXX
<?php
if(isset($_GET['user_id']) && isset($_GET['reset_token'])) {
$userid = $_GET['user_id'];
$reset_token = $_GET['reset_token'];
// Make sure user email with matching hash exist
$req = $heidisql->prepare("SELECT * FROM users WHERE user_id='$userid' AND reset_token='$reset_token' ");
$req->execute($userid, $reset_token);
$user = $req->fetch(PDO::FETCH_ASSOC);
if ($user) {
if (!preg_match ('%\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{8,30}\z%', $_POST['new_pass'])
|| $_POST['new_pass'] !== $_POST['confirm_newpass']) {
echo 'Your new password did not match the new confirm password or is invalid!';
exit();
}
}
} else {
$newpassword = escape_data($_POST['new_pass']);
$newpass_hash = password_hash($newpassword, PASSWORD_BCRYPT);
$sql= "UPDATE users SET "
. "password_hashcode='$newpass_hash', "
. "reset_allocated_time=NULL, "
. "reset_token=NULL "
. "WHERE user_id=".$user['user_id']." "; //<- error here
// Make sure user email with matching hash exist
$result_newpass = $heidisql->prepare($sql);
$result_newpass->execute();
echo "Your password has been reset!";
exit();
}
已經嘗試USER_ID = '$用戶ID'/ $ _GET [ 'user_ID的']的用戶ID 那麼,應該如何我定義了變量user_id?
仍然不起作用 $ req = $ heidisql-> prepare(「SELECT * FROM users WHERE user_id =':user_id'AND reset_token =':reset_token'」);
$req->execute([':user_id'=>$userid, ':reset_token'=>$reset_token]);
$sql= "UPDATE users SET password_hashcode=':password_hashcode', reset_allocated_time=NULL, reset_token=NULL WHERE user_id=:user_id";
$result_newpass = $heidisql->prepare($sql); $result_newpass->execute([':user_id'=>$userid,':password_hashcode'=>$newpass_hash, ':reset_token'=>NULL, ':reset_allocated_time'=>NULL]);
- 我認爲,問題可能出在get方法的原因,似乎我無法正常訪問USER_ID/URL中reset_token?
...本地主機/例子/ reset_pass.php?USER_ID = XX & reset_token = XXXXXXXXX
我在USER_ID越來越不確定的變量
任何人都知道,如果這個問題(S )導致我的密碼驗證也不起作用?
所以用戶ID存儲在$用戶ID,所以你需要在WHERE子句中使用該變量。更新後的代碼:'WHERE user_id =「。$ userid' –
你的意思是像user_id =」。 $ userid。「因爲我很確定我已經嘗試過了,會再次重試 –
您不需要關閉雙引號。你可以將最後一行替換爲'。「WHERE user_id =」。 $用戶標識;' –