Forgot Password Script PHP mysqli database

后端未结

关注

 2  1622

Hi I am trying to make forgot password script and successfully completed but I am getting one problem. In forgot.php When user enter email, script checks the email

相关标签:

2条回答

孤街浪徒

2021-02-11 12:01

You need to change the action from resetpass.php to resetpass.php?code=<?php echo $_GET['code'];?>

Otherwise the code gets lost when you submit the form.

For example: (Not bugfree!)

<?php
if(isset($_GET['code'])) $acode = $_GET['code'];
else die("No code!");

$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
} else {
    $acode = mysqli_real_escape_string($con, $acode);
    $query = mysqli_query($con,"select * from login where activation_code='$acode'")
    or die(mysqli_error($con)); 
    if(mysqli_num_rows($query) == 0) {
        echo "Wrong code";
        die();
    } elseif (mysqli_num_rows ($query)==1 && isset($_POST['pass'])) {
        $pass = mysqli_real_escape_string($con, $_POST['pass']);
        $query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
        or die(mysqli_error($con)); 

        echo 'Password Changed';
    }
}

?>

    <form action="resetpass.php?code=<?php echo $_GET['code'];?>" method="POST">
    <p>New Password:</p><input type="password" name="pass" />
    <input type="submit"  name="submit" value="Signup!" />
    </form>

But think about some things:

Your Code is very unsecure, better try uniqid(rand());
With this Code it is possible that two entries got the same code
Somebody could try all code poosibilities

0 讨论(0)

情深已故

2021-02-11 12:04

I got a bug in resetpass.php

You'l first have to use $_GET['code'] to get your activation code and store in a hidden field of

here is modified code, that should work.

<?php

if(isset($_POST['pass'])){
$pass = $_POST['pass'];
$acode=$_POST['code'];

$con=mysqli_connect("xxx","xxx","xxx","xxx");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"select * from login where activation_code='$acode'")
or die(mysqli_error($con)); 

if (mysqli_num_rows ($query)==1) 
{
$query3 = mysqli_query($con,"update login set Password='$pass' where activation_code='$acode'")
or die(mysqli_error($con)); 

echo 'Password Changed';
}
else
{
echo 'Wrong CODE';
}
}
?>

<form action="resetpass.php" method="POST">
<p>New Password:</p><input type="password" name="pass" />
<input type="submit"  name="submit" value="Signup!" />
<input type="hidden" name="code" value="<?php echo $_GET['code'];?>" />
</form>

0 讨论(0)