用 php/mysql 更新密码

Question

昨天我发布了一些代码，询问用户如何通过表单更新密码。看here

但是在更新密码后，我无法通过我的安卓应用程序登录。所以我决定改变一下forgotpassword.php 文件。

<?php
session_start();
require "../init.php";
ini_set('display_errors', 1);



if(isset($_POST['update'])){


    $email = $_POST['email'];
    $user_name = $_POST['user_name'];
    $password = $_POST['user_pass'];
    $passwordEncrypted = sha1($user_pass); 

    $confpassword = $_POST['confirm_pass'];
    $confPasswordEncrypted = sha1($confirmPass);  

    if($password !== $confpassword){
       echo "<script>alert('Passwords are not equal')</script>";
    }else{
        $select_query = "SELECT * FROM user_info";

        $run_select_query = mysqli_query($con,$select_query); 

        while ($row_post=mysqli_fetch_array($run_select_query)){

              $_SESSION['id'] = $row_post['id'];
              $user_id = $_SESSION['id'];
              $useremail = $row_post['email'];
              $username = $row_post['user_name'];

              var_dump($user_id);

            if($useremail == $email AND $username == $user_name){
                //echo "<script>alert('$useremail')</script>";
                //echo "<script>alert('$username')</script>";
                echo "<script>alert('$id')</script>";
                $update_posts = "UPDATE user_info SET user_pass='$passwordEncrypted',confirm_pass ='$confPasswordEncrypted'  
                WHERE $id='$_userid'";  

                $run_update = mysqli_query($con,$update_posts); 
                //var_dump($user_name);
            echo "<script>alert('Password Has been Updated!')</script>";
            }else{
             echo "<script>alert('No email or username was found')</script>";
            }

        }

    }

}
?>

但现在密码没有像以前那样更新。更新语句或之前的一行有问题。 $_SESSION['id'] 不为空，因此选择查询工作正常。

有什么想法吗？

谢谢。

Answer 1

where 子句中的错字。 WHERE $id='$_userid'";

将更新查询的 where 子句更改为：WHERE $id='$user_id'";

Answer 2

更新您的选择查询：

$select_query = "SELECT * FROM user_info where email = '".$email."' and user_name = '".$username."' ";

和then check if mysqli_num_rows(). 如果 > 0 则只执行更新查询并将数据放入会话中。

您的更新查询也不正确。应该是：

$update_posts = "UPDATE user_info SET user_pass='$passwordEncrypted',confirm_pass ='$confPasswordEncrypted'  
                WHERE $id='$userid'";

Answer 3

您的更新查询应该是这样的：

$update_posts = "UPDATE user_info 
    SET
           user_pass='$passwordEncrypted',
           confirm_pass ='$confPasswordEncrypted' 
    WHERE id = $user_id";

Answer 4

好的。我已经更改了代码并使其工作。所以这就是我正在做的。

1) 我运行一个选择查询来检查用户是否已经注册。如果是，则更新密码并在他的电子邮件中发送一个新密码。

2) 如果没有，那么您会在我的 android 应用程序中收到一个 json 响应，说找不到用户电子邮件。

3) 最后用户可以使用更新后的 5 位密码登录:)。

<?php
 require "init.php";
 $email = $_POST['email'];



  if($email){
        $select_query = "SELECT * FROM user_info";

        $run_select_query = mysqli_query($con,$select_query); 

        while ($row_post=mysqli_fetch_array($run_select_query)){

            $id = $row['id'];
            $usermail = $row_post['email'];
            $username = $row_post['user_name'];



        }
            if($usermail == $email){
                $don = array('result' =>"success","message"=>"user mail found.");

                $random = rand(72891, 92729);
                $new_pass = $random;

                $email_password = $new_pass;
                $new_pass = sha1($new_pass);

                $update_pass = "update user_info set user_pass='$new_pass',confirm_pass='$new_pass' where user_name='$username'";

                $run_update = mysqli_query($con,$update_pass); 


                    $subject = "Login information";

                    $message = "Your password has been changed to $email_password";

                    $from = "From: example@example.com";

                    mail($email,$subject,$message,$from);

                $don = array('result' =>"success","message"=>"your password has been updated. Please check your email");



            }else{
                $don = array('result' =>"fail","message"=>"user mail not found.");
            }
        }else{
            $don = array('result' =>"fail","message"=>"please enter your email");
        }

   echo json_encode($don);
?>