【问题标题】:Password reset with secret questions using php ajax and mysql使用 php ajax 和 mysql 用秘密问题重置密码
【发布时间】:2013-04-05 18:36:40
【问题描述】:

我正在尝试编写一个脚本,允许用户在提供电子邮件地址和回答秘密问题后重置密码。问题是我的秘密问题脚本没有按预期工作。当用户回答秘密问题时,它会在 ajax 的帮助下发布到 PHP 脚本并返回 responseText,它应该根据返回的响应触发 ajax,但是当返回的文本满足其他一些条件时,这里的脚本总是显示 ajax 的 else 条件。 ...任何帮助将不胜感激。提前感谢您的帮助..

这些是重置密码的步骤:

  1. 点击忘记密码
  2. 询问用户电子邮件地址
  3. 回答秘密问题
  4. 在电子邮件中发送重置链接
  5. 点击电子邮件中发送的链接后,用户将被引导到密码重置页面,他们可以在其中创建新密码。

这里是代码

<?php 

if(isset($_GET['e'])){
        // CONNECT TO THE DATABASE
        include_once("php_includes/connect_to_mysqli.php");
        // GATHER THE POSTED EMAIL INTO LOCAL VARIABLES AND SANITIZE
        $email = mysqli_real_escape_string($db_conx, $_GET['e']);

        $sql = "SELECT * FROM useroptions WHERE email='$email' LIMIT 1";
        $query = mysqli_query($db_conx, $sql);
        $numrows = mysqli_num_rows($query);
        while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
            $id = $row["id"];
            $u = $row["username"];
            $q1 = $row["question"];
            $q2 = $row["question2"];
            $a1 = $row["answer"];
            $a2 = $row["answer2"];

                }
          if ($q1 == "" || $q2 == ""){
              header ("location: messages.php?emsg=forget&u=".$u);
                 exit();
              }
        }
?>
<?php
// AJAX CALLS THIS CODE TO EXECUTE
if(isset($_POST["pa1"])){
    include_once("php_includes/connect_to_mysqli.php");
    $e = mysqli_real_escape_string($db_conx, $_POST['em']);
    $pa1= $_POST['pa1'];
    $pa2= $_POST['pa2'];

    $sql = "SELECT * FROM useroptions WHERE email='$e' LIMIT 1";
        $query = mysqli_query($db_conx, $sql);
        $numrows = mysqli_num_rows($query);
        while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
            $id = $row["id"];
            $a1 = $row["answer"];
            $a2 = $row["answer2"];
            }


    if ($pa1 == $a1 && $pa2 == $a2 && $e == $email ){
    $sql = "SELECT id, username FROM user WHERE email='$e' AND activated='1' LIMIT 1";
    $query = mysqli_query($db_conx, $sql);
    $numrows = mysqli_num_rows($query);
    if($numrows > 0){
        while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
            $id = $row["id"];
            $u = $row["username"];
        }
        $emailcut = substr($e, 0, 4);
        $randNum = rand(10000,99999);
        $tempPass = "$emailcut$randNum";
        $hashTempPass = md5($tempPass);
        $sql = "UPDATE useroptions SET temp_pass='$hashTempPass' WHERE username='$u' LIMIT 1";
        $query = mysqli_query($db_conx, $sql);
        $to = "$e";
        $from = "auto_responder@yousite.com";
        $headers ="From: $from\n";
        $headers .= "MIME-Version: 1.0\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1 \n";
        $subject ="yoursite Temporary Password";
        $msg = '<h2>Hello '.$u.'</h2><p> Email with activation link</p>';
        if(mail($to,$subject,$msg,$headers)) {
            echo "success";
            exit();
        } else {
            echo "email_send_failed";
            exit();
        }
    }
    } else {
        echo "no_exist";
    }

    exit();
}
?>



    <!DOCTYPE html>
    <html>
    <head>
    <meta charset="UTF-8">
    <title>Security Answer-</title>
    <link rel="icon" href="favicon.ico" type="image/x-icon">
    <link rel="stylesheet" href="css/styles.css">
    <style type="text/css">
    #securityform{
        margin-top:24px;    
    }
    #securityform > div {
        margin-top: 12px;   
    }
    #securityform > input {
        width: 250px;
        padding: 3px;
        background: #F3F9DD;
    }
    #anssubmitbtn {
        font-size:15px;
        padding: 10px;
    }
    </style>
    <script src="js/main.js"></script>
    <script src="js/ajax.js"></script>
    <script>
    function emptyElement(x){
        _(x).innerHTML = "";
    }
    function ajaxObj( meth, url ) {
    var x = new XMLHttpRequest();
    x.open( meth, url, true );
    x.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    return x;
}
function ajaxReturn(x){
    if(x.readyState == 4 && x.status == 200){
        return true;    
    }
}

    function forgotpasscon(){
        var em = _("email").value;
        var pa1 = _("ans1").value;
        var pa2 = _("ans2").value;
        if(em == "" || pa1 == "" || pa2 == ""){
            _("status").innerHTML = "Answer all security questions";
        } else {
            _("anssubmitbtn").style.display = "none";
            _("status").innerHTML = 'please wait ...';
            var ajax = ajaxObj("POST", "testconfirm.php");
            ajax.onreadystatechange = function() {
                if(ajaxReturn(ajax) == true) {
                    var response = ajax.responseText;
                    if(ajax.responseText == "success"){
                        _("securityform").innerHTML = '<h3>Step 2. Check your email inbox in a few minutes</h3><p>You can close this window or tab if you like.</p>';
                    } else if(ajax.responseText == "no_exist"){
                        _("status").innerHTML = "Sorry wrong answers";
                    } else if(ajax.responseText == "email_send_failed"){
                        _("status").innerHTML = "Mail function failed to execute";
                    } else {
                        _("status").innerHTML = "An unknown error occurred"+ajax.responseText;
                        _("anssubmitbtn").style.display = "block";
                    }
                }
            }
            ajax.send("em="+em+"&pa1="+pa1+"&pa2="+pa2);
        }
    }
    </script>

    </head>
    <body>
    <?php include_once("template_pageTop.php"); ?>
    <div id="pageMiddle">
        <h3>Step : 2</h3>
      <h4>Please answer the following security questions!!</h4>
      <form id="securityform" onsubmit="return false;">
        <div>Question 1:</div>
        <p><?php echo $q1; ?></p>
        <input name="ans1" id="ans1" type="text" onfocus="_('status').innerHTML='';" maxlength="100">
        <br/><br/>
        <div>Question 2:</div>
        <p><?php echo $q2; ?></p>
        <input name="ans2" id="ans2" type="text" onfocus="_('status').innerHTML='';" maxlength="100">
        <br /><br />
        <input name="email" id="email" type="hidden" value="<?php echo $email; ?>" />

        <button id="anssubmitbtn" onclick="forgotpasscon()">Submit</button> 
        <p id="status"></p>
      </form>
    </div>
    <?php include_once("template_pageBottom.php"); ?>
    </body> 
    </html> 

【问题讨论】:

  • 所以这意味着 if ($pa1 == $a1 && $pa2 == $a2 && $e == $email ) 总是返回 false。乍一看,我建议在比较它们时修剪字符串。即 trim($pa1) == trim($a1) ...等
  • 我的解释不同,我认为安迪的意思是 _("status").innerHTML = "An unknown error occurred"+ajax.responseText;被触发...请澄清。如果我是对的,ajax.responsetext 的价值是什么
  • PHP 正在返回预期的正确输出,但是当涉及到 ajax.responeText 时,它总是显示“发生未知错误”+ajax.responseText( where ajax.responseText="success") 取决于关于 PHP 输出.. 知道这里可能出了什么问题
  • 只是猜测。是不是来自服务器的响应可能有前导或尾随空格?尝试 response.indexOf('success') !== -1 作为您的测试,而不是 response =='success'

标签: php javascript mysql ajax


【解决方案1】:

经过故障排除,确定需要对响应字符串进行修剪:

ajax.onreadystatechange = function (evt) {
    if (ajaxReturn(ajax) == true) {
        var response = ajax.responseText.trim();
        //your if conditions here
    }
};

【讨论】:

  • 谢谢Ali Gangji,但我按照你说的做了更改后仍然遇到同样的问题。它返回 else 条件以及 PHP 脚本的成功响应。如果你能帮助我,我很期待..
  • 在 if 条件之前,输入 console.log(response); 值将显示在您的浏览器控制台中。或者对控制台不熟悉的可以打alert(response);
  • 它返回成功的值但是当我点击确定时它显示---一个未知的错误发生成功
  • 尝试var response = ajax.responseText.trim();,然后在if条件中使用response
  • 感谢它使用 var response = ajax.responseText.trim();
猜你喜欢
  • 1970-01-01
  • 2016-10-04
  • 2015-08-05
  • 2021-12-03
  • 2023-03-25
  • 2012-07-07
  • 1970-01-01
  • 1970-01-01
  • 1970-01-01
相关资源
最近更新 更多