提交后重置密码不会更改密码

Question

我正在尝试重设密码，但在我提交新密码后，我无需更改即可重新登录。我认为发生这种情况是因为它不记得电子邮件和令牌。它向我显示了表单，但在我单击提交后没有执行任何操作。

代码：

<?php

if (isset($_GET['email']) && isset($_GET['token'])) {
include('databaze.php');
$conn = new mysqli($servername, $username, $password, $dbname);
$email = $conn->real_escape_string($_GET['email']);
$token = $conn->real_escape_string($_GET['token']);

  $data = $conn->query("SELECT did FROM tbldoc WHERE email='$email' AND 
  token='$token'");
if ($data->num_rows > 0) {
    include('reset-form.php');
    if (isset($_POST['resetPass'])) {
        $password = $_POST["password"];
        $password_conf = $_POST['password-conf'];
        $email = $_POST["email"];
        $token = $_POST["token"];
        if (empty($password) || empty($password_conf)) {
            echo "<br><br>Fill the form";
        } elseif ($password !== $password_conf) {
            echo "<br><br>Password doesn't match Password Confirmation";
        }
        $password = md5($password);

        $conn->query("UPDATE tbldoc SET hashedpwd='$password', token='' WHERE email='$email'");


    }
} else {

    echo "Please check your link!";

  }
} else {

   header("Location: login.php");
   exit();
 }
?>

表格：

 <form method="post" action="resetpassword.php" class="form-signin">
<h2 class="form-signin-heading">Reset Password</h2>
Password <input type="password" class="form-control" name="password" placeholder="Password">
<br>

Password Confirmation <input type="password" class="form-control" name="password-conf"
                             placeholder="Password Confirmation">
<br>
<input type="hidden" class="form-control" name="email" value="<?php echo $email;?>">
<input type="hidden" class="form-control" name="token" value="<?php echo $token;?>">


<input type="submit" class="btn btn-lg btn-primary btn-block" name="resetPass" value="Reset your Password">

你能帮我吗？

Answer 1

您的表单是 POST 类型，您期待 GET

isset($_POST['email']) && isset($_POST['token'])

可以吗？

Answer 2

可能是因为这行，你的 SQL 无法搜索邮件

$email = $conn->real_escape_string($_GET['email']);

Answer 3

将此添加到您的表单中。它会记住电子邮件和令牌：

<input type="hidden" name="email" value="<?php echo @$email; ?>">
<input type="hidden" name="token" value="<?php echo @$token; ?>">

Answer 4

您的form 方法是POST，您正在检查GET 中的数据。所以每次其他部分都会被调用。更改代码中的这一行

if (isset($_GET['email']) && isset($_GET['token'])) {

与

if (isset($_POST['email']) && isset($_POST['token'])) {

Answer 5

您的表单操作是post 方法，因此您需要检查条件为

if (isset($_POST['email']) && isset($_POST['token']))

这是完整的代码。你使用一些地方 GET 和一些地方 POST 方法，所以它适用于 POST 方法......

<?php

if (isset($_POST['email']) && isset($_POST['token'])) {
include('databaze.php');
$conn = new mysqli($servername, $username, $password, $dbname);
$email = $conn->real_escape_string($_POST['email']);
$token = $conn->real_escape_string($_POST['token']);

  $data = $conn->query("SELECT did FROM tbldoc WHERE email='$email' AND 
  token='$token'");
if ($data->num_rows > 0) {
    include('reset-form.php');
    if (isset($_POST['resetPass'])) {
        $password = $_POST["password"];
        $password_conf = $_POST['password-conf'];
        $email = $_POST["email"];
        $token = $_POST["token"];
        if (empty($password) || empty($password_conf)) {
            echo "<br><br>Fill the form";
        } elseif ($password !== $password_conf) {
            echo "<br><br>Password doesn't match Password Confirmation";
        }
        $password = md5($password);

        $conn->query("UPDATE tbldoc SET hashedpwd='$password', token='' WHERE email='$email'");


    }
} else {

    echo "Please check your link!";

  }
} else {

   header("Location: login.php");
   exit();
 }
?>

或更改您的表单，例如 <form method="GET" action="resetpassword.php" class="form-signin">