I have created a password reset function in PHP.
我在PHP中创建了一个密码重置功能。
It's working just fine...........except that, for some reason, I'm unable to set the recipient's email address : "TO"
它工作得很好...........除了由于某种原因,我无法设置收件人的电子邮件地址:“TO”
The code works this way :
代码以这种方式工作:
(a) the user is asked to provide his login/username (b) php sends an sql query to the database; (c) if the username is found, php takes the email-address, and sends a Reset Link via email (d) this reset-link has a unique "token" attached to it (e) the user clicks on the link in his email, and is re-directed to a new page where he resets his password
(a)要求用户提供他的登录名/用户名(b)php向数据库发送sql查询; (c)如果找到用户名,php将获取电子邮件地址,并通过电子邮件发送重置链接(d)此重置链接附有唯一的“令牌”(e)用户点击其中的链接电子邮件,并重新定向到他重置密码的新页面
Everything is working fine...........except for the email structure itself. The email comprises : TO, CC, SUBJECT, BODY, and HEADERS.
一切都很好............除了电子邮件结构本身。该电子邮件包括:TO,CC,SUBJECT,BODY和HEADERS。
Everything is being shown..........except the actual "TO".
一切都在显示..........除了实际的“TO”。
In fact, the only reason I know that the code works is because I'm getting a copy of the email, via the the "CC"
事实上,我知道代码工作的唯一原因是因为我通过“CC”获得了电子邮件的副本
Here is my code :
这是我的代码:
if(isset($_POST['submit'])) {
$login = $_POST['login'];
$query = "select * from personal_data where login='$login'";
$result = mysqli_query($conn,$query);
$count=mysqli_num_rows($result);
$rows=mysqli_fetch_array($result);
if($count==0) {
echo "Sorry; that username does not exist in our database";
}
else {
function getRandomString($length)
{
$validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZ123456789!#+=%&/?*$";
$validCharNumber = strlen($validCharacters);
$result = "";
for ($i = 0; $i < $length; $i++) {
$index = mt_rand(0, $validCharNumber - 1);
$result .= $validCharacters[$index];
}
return $result; }
$token=getRandomString(40);
$q="insert into token (token,login) values ('".$token."','".$login."')";
mysqli_query($conn,$q);
function mailresetlink($to,$token){
$to = $rows['email'];
$subject = "Password Reset";
$uri = 'http://'.$_SERVER['HTTP_HOST'] ;
$message = '
<html>
<head>
<title>Password Reset Link</title>
</head>
<body>
<p>We received a Password-Reset request from your account.</p>
<p>Click on the following link to reset your password : <a
href="'.$uri.'/PHP/password_reset?token='.$token.'">Reset Password</a></p>
</body>
</html>
';
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= 'From: Support<support@xxxxx.com>' . "\r\n";
$headers .= 'Bcc: Info<info@xxxxx.com>' . "\r\n";
if(mail($to, $subject, $message, $headers)) {
echo "A password reset link has been sent to your email address."
}
}
if(isset($_POST['login'])) {
mailresetlink($email,$token);
exit();
}
}
}
2 个解决方案
#1
The reason why your code is not working is due to a few things.
您的代码无法正常工作的原因是由于某些原因。
One of which is that $rows needs to reside inside the function mailresetlink($to,$token) function's parameter.
其中一个是$ rows需要驻留在函数mailresetlink($ to,$ token)函数的参数中。
Change that to function mailresetlink($to,$token,$rows) and do the same for the one inside if(isset($_POST['login'])){...}
更改为mailresetlink($ to,$ token,$ rows)的功能,如果(isset($ _ POST ['login'])){...}执行相同的操作
if(isset($_POST['login'])) {
mailresetlink($email,$token,$rows);
exit();
}
Plus, if it isn't a typo or a bad paste; there is also a missing semi-colon in this line:
另外,如果它不是拼写错误或粘贴不好;这一行还有一个缺少的分号:
echo "A password reset link has been sent to your email address."
^ right there
Having done all of the above, successfully sent all of the information to Email during my test.
完成上述所有操作后,在测试期间成功将所有信息发送到了Email。
Sidenote: Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
旁注:您现在的代码对SQL注入开放。将mysqli与准备好的语句一起使用,或者将PDO与准备好的语句一起使用,它们会更加安全。
#2
You cannot define functions in if or while or whatever scope. Define them before or after you intend to use them. Try with the following code:
您无法在if或while或任何范围内定义函数。在打算使用它们之前或之后定义它们。尝试使用以下代码:
<?php
if ( isset($_POST['submit']) ) {
$login = $_POST['login'];
$email = $_POST['email'];
$query = "select * from personal_data where login='$login'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$rows = mysqli_fetch_array($result);
if ($count == 0) {
echo "Sorry; that username does not exist in our database";
} else {
if (isset($_POST['login'])) {
mailresetlink($email, $token, $rows);
exit();
}
}
}
function getRandomString($length)
{
$validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZ123456789!#+=%&/?*$";
$validCharNumber = strlen($validCharacters);
$result = "";
for ($i = 0; $i < $length; $i++) {
$index = mt_rand(0, $validCharNumber - 1);
$result .= $validCharacters[$index];
}
return $result;
}
$token = getRandomString(40);
$q = "insert into token (token,login) values ('" . $token . "','" . $login . "')";
mysqli_query($conn, $q);
function mailresetlink($to, $token, $rows)
{
$to = $rows['email'];
$subject = "Password Reset";
$uri = 'http://' . $_SERVER['HTTP_HOST'];
$message = '
<html>
<head>
<title>Password Reset Link</title>
</head>
<body>
<p>We received a Password-Reset request from your account.</p>
<p>Click on the following link to reset your password : <a
href="' . $uri . '/PHP/password_reset?token=' . $token . '">Reset Password</a></p>
</body>
</html>
';
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= 'From: Support <support@xxxxx.com>' . "\r\n";
$headers .= 'Bcc: Info <info@xxxxx.com>' . "\r\n";
if (mail($to, $subject, $message, $headers)) {
echo "A password reset link has been sent to your email address.";
}
}
?>
Also, pay attention to Quentin's advice about preventing SQL injection.
另外,请注意Quentin关于防止SQL注入的建议。
What I did was:
我做的是:
- Moved
getRandomStringandmailresetlinkafter theifblock - Added parameter
$rowstomailresetlinkfunction, so it can find use of the$rowsvariable (which was out of the scope)
在if块之后移动了getRandomString和mailresetlink
向mailresetlink函数添加了参数$ rows,因此它可以找到$ rows变量的使用(超出了范围)
You also need to define $email, because it's not being set anywhere, so I did it for you (I guess you also have an input field with the name of email somewhere.
你还需要定义$ email,因为它没有在任何地方设置,所以我为你做了(我猜你也有一个输入字段,其中包含电子邮件的名称。)
Test it, it should work.
测试它,它应该工作。
#1
The reason why your code is not working is due to a few things.
您的代码无法正常工作的原因是由于某些原因。
One of which is that $rows needs to reside inside the function mailresetlink($to,$token) function's parameter.
其中一个是$ rows需要驻留在函数mailresetlink($ to,$ token)函数的参数中。
Change that to function mailresetlink($to,$token,$rows) and do the same for the one inside if(isset($_POST['login'])){...}
更改为mailresetlink($ to,$ token,$ rows)的功能,如果(isset($ _ POST ['login'])){...}执行相同的操作
if(isset($_POST['login'])) {
mailresetlink($email,$token,$rows);
exit();
}
Plus, if it isn't a typo or a bad paste; there is also a missing semi-colon in this line:
另外,如果它不是拼写错误或粘贴不好;这一行还有一个缺少的分号:
echo "A password reset link has been sent to your email address."
^ right there
Having done all of the above, successfully sent all of the information to Email during my test.
完成上述所有操作后,在测试期间成功将所有信息发送到了Email。
Sidenote: Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
旁注:您现在的代码对SQL注入开放。将mysqli与准备好的语句一起使用,或者将PDO与准备好的语句一起使用,它们会更加安全。
#2
You cannot define functions in if or while or whatever scope. Define them before or after you intend to use them. Try with the following code:
您无法在if或while或任何范围内定义函数。在打算使用它们之前或之后定义它们。尝试使用以下代码:
<?php
if ( isset($_POST['submit']) ) {
$login = $_POST['login'];
$email = $_POST['email'];
$query = "select * from personal_data where login='$login'";
$result = mysqli_query($conn, $query);
$count = mysqli_num_rows($result);
$rows = mysqli_fetch_array($result);
if ($count == 0) {
echo "Sorry; that username does not exist in our database";
} else {
if (isset($_POST['login'])) {
mailresetlink($email, $token, $rows);
exit();
}
}
}
function getRandomString($length)
{
$validCharacters = "ABCDEFGHIJKLMNPQRSTUXYVWZ123456789!#+=%&/?*$";
$validCharNumber = strlen($validCharacters);
$result = "";
for ($i = 0; $i < $length; $i++) {
$index = mt_rand(0, $validCharNumber - 1);
$result .= $validCharacters[$index];
}
return $result;
}
$token = getRandomString(40);
$q = "insert into token (token,login) values ('" . $token . "','" . $login . "')";
mysqli_query($conn, $q);
function mailresetlink($to, $token, $rows)
{
$to = $rows['email'];
$subject = "Password Reset";
$uri = 'http://' . $_SERVER['HTTP_HOST'];
$message = '
<html>
<head>
<title>Password Reset Link</title>
</head>
<body>
<p>We received a Password-Reset request from your account.</p>
<p>Click on the following link to reset your password : <a
href="' . $uri . '/PHP/password_reset?token=' . $token . '">Reset Password</a></p>
</body>
</html>
';
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= 'From: Support <support@xxxxx.com>' . "\r\n";
$headers .= 'Bcc: Info <info@xxxxx.com>' . "\r\n";
if (mail($to, $subject, $message, $headers)) {
echo "A password reset link has been sent to your email address.";
}
}
?>
Also, pay attention to Quentin's advice about preventing SQL injection.
另外,请注意Quentin关于防止SQL注入的建议。
What I did was:
我做的是:
- Moved
getRandomStringandmailresetlinkafter theifblock - Added parameter
$rowstomailresetlinkfunction, so it can find use of the$rowsvariable (which was out of the scope)
在if块之后移动了getRandomString和mailresetlink
向mailresetlink函数添加了参数$ rows,因此它可以找到$ rows变量的使用(超出了范围)
You also need to define $email, because it's not being set anywhere, so I did it for you (I guess you also have an input field with the name of email somewhere.
你还需要定义$ email,因为它没有在任何地方设置,所以我为你做了(我猜你也有一个输入字段,其中包含电子邮件的名称。)
Test it, it should work.
测试它,它应该工作。