它工作,如果我把它像user_id = 3或当我删除where语句(WHERE user_id =“。$ user ['user_id']。”),但然后我所有的数据库密码更改。重置密码确认无法正常工作?
我用get方法来获得这样的 USER_ID = 3 & reset_token = XXXXXXXXX
<?php
if(isset($_GET['user_id']) && isset($_GET['reset_token'])) {
$userid = $_GET['user_id'];
$reset_token = $_GET['reset_token'];
// Make sure user email with matching hash exist
$req = $heidisql->prepare("SELECT * FROM users WHERE user_id='$userid' AND reset_token='$reset_token' ");
$req->execute($userid, $reset_token);
$user = $req->fetch(PDO::FETCH_ASSOC);
if ($user) {
if (!preg_match ('%\A(?=[-_a-zA-Z0-9]*?[A-Z])(?=[-_a-zA-Z0-9]*?[a-z])(?=[-_a-zA-Z0-9]*?[0-9])\S{8,30}\z%', $_POST['new_pass'])
|| $_POST['new_pass'] !== $_POST['confirm_newpass']) {
echo 'Your new password did not match the new confirm password or is invalid!';
exit();
}
}
} else {
$newpassword = escape_data($_POST['new_pass']);
$newpass_hash = password_hash($newpassword, PASSWORD_BCRYPT);
$sql= "UPDATE users SET "
. "password_hashcode='$newpass_hash', "
. "reset_allocated_time=NULL, "
. "reset_token=NULL "
. "WHERE user_id=".$user['user_id']." "; //<- error here
// Make sure user email with matching hash exist
$result_newpass = $heidisql->prepare($sql);
$result_newpass->execute();
echo "Your password has been reset!";
exit();
}
已经尝试USER_ID = '$用户ID'/ $ _GET [ 'user_ID的']的用户ID 那么,应该如何我定义了变量user_id?
仍然不起作用 $ req = $ heidisql-> prepare(“SELECT * FROM users WHERE user_id =':user_id'AND reset_token =':reset_token'”);
$req->execute([':user_id'=>$userid, ':reset_token'=>$reset_token]);
$sql= "UPDATE users SET password_hashcode=':password_hashcode', reset_allocated_time=NULL, reset_token=NULL WHERE user_id=:user_id";
$result_newpass = $heidisql->prepare($sql); $result_newpass->execute([':user_id'=>$userid,':password_hashcode'=>$newpass_hash, ':reset_token'=>NULL, ':reset_allocated_time'=>NULL]);
- 我认为,问题可能出在get方法的原因,似乎我无法正常访问USER_ID/URL中reset_token?
...本地主机/例子/ reset_pass.php?USER_ID = XX & reset_token = XXXXXXXXX
我在USER_ID越来越不确定的变量
任何人都知道,如果这个问题(S )导致我的密码验证也不起作用?
所以用户ID存储在$用户ID,所以你需要在WHERE子句中使用该变量。更新后的代码:'WHERE user_id =“。$ userid' –
你的意思是像user_id =”。 $ userid。“因为我很确定我已经尝试过了,会再次重试 –
您不需要关闭双引号。你可以将最后一行替换为'。“WHERE user_id =”。 $用户标识;' –