重置密码 POST 刷新页面而不发布
Posted
技术标签:
【中文标题】重置密码 POST 刷新页面而不发布【英文标题】:Reset Password POST refreshing page without posting 【发布时间】:2016-12-27 22:07:06 【问题描述】:我正在尝试创建一个密码重置表单,当用户单击其电子邮件中的链接时,他们会被发送到密码重置页面。
密码表单已使用FormValidation 进行验证,但我遇到了用户提交时页面刷新、清除 GET 变量并且未进入if($_SERVER['REQUEST_METHOD'] == 'POST') 部分的问题。
可以看到上传的代码here。
我尝试了各种解决方案,但不知道出了什么问题。有什么帮助!
谢谢大家!
这是我的 php 代码:
// ERROR REPORTING
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
// END ERROR REPORTING
if(isset($_GET['email']) && isset($_GET['token']))
//Get variables from email password reset link
$token = $_GET ['token'];
$email = $_GET['email'];
require_once('dbconfig.php');
//CHECK TO SEE IF EMAIL EXISTS IN THE DATABASE//
$sql = "SELECT * FROM users_launchpad WHERE email = '$email' ";
$query = mysqli_query($conn, $sql);
$result = mysqli_fetch_assoc($query);
if ($result['email'] == $email)
$check1 = true;
else
$check1=false;
//END EMAIL CHECK//
//CHECKS TO SEE IF ID MATCHES TOKEN//
if(md5($result['id'])==$token)
$check2 = true;
else
$check2 = false;
//END ID CHECK
//IF BOTH CHECKS ARE TRUE, CHANGE PASSWORD UPON POST.
if($check1==$check2)
if($_SERVER['REQUEST_METHOD'] == 'POST')
$password = $_POST['password'];
$update_password = "UPDATE users_launchpad SET password = '$password' WHERE email = '$email'";
$password_query = mysqli_query($conn, $update_password);
// header('location: reset_password_success.php');
if ($password_query)
$success_message = "Password Updated Successfully";
?>
这是 html:
<?php require_once('header.php');?>
<link href='../css/login.css' rel='stylesheet' type='text/css'>
<link href ='../css/formValidation.min.css' type = 'text/css'>
</head>
<body>
<div class = "col-md-offset-4 col-md-4" id = "loginForm">
<div class = "row">
//CREATE FORM
<form role="form" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" id = "reset_password">
<fieldset>
<legend>Reset Password</legend>
<div class = "col-md-12 text-center ">
<span class="text-success "><?php if (isset($success_message)) echo $success_message; ?></span>
</div>
<br>
<div class="form-group">
<label for="name">New Password</label>
<input type="password" name="password" placeholder="Password" required class="form-control" />
</div>
<div class="form-group">
<label for="name">Confirm New Password</label>
<input type="password" name="confirmPassword" placeholder="Confirm Password" required class="form-control" />
</div>
</fieldset>
<div class="form-group">
<input type="submit" name="reset_password" value="Login" class="btn btn-primary" />
</div>
</form>
<div class = "col-md-6 col-md-offset-3 text-center">
<span class="text-danger "><?php if (isset($errormsg)) echo $errormsg; ?></span>
</div>
<br>
<br>
</div>
<input type="hidden" name="token" value= "" />
</div>
//END CREATE FORM
这里是 javascript:
//INCLUDE BOOTSTRAP AND FORM VALIDATION
<script src="//oss.maxcdn.com/bootbox/4.2.0/bootbox.min.js"></script>
<script src="js/formValidation.min.js"></script>
<script src="js/framework/bootstrap.min.js"></script>
<script>
$(document).ready(function()
$('#reset_password')
.formValidation(
framework: 'bootstrap',
icon:
valid: 'glyphicon glyphicon-ok',
invalid: 'glyphicon glyphicon-remove',
validating: 'glyphicon glyphicon-refresh'
,
fields:
password:
validators:
notEmpty:
message: 'Your password is required'
,
stringLength:
min: 4,
max: 30,
message: 'Your password must be between 4 and 30 characters'
,
identical:
field: 'confirmPassword',
message: 'The password and its confirm are not the same'
,
confirmPassword:
validators:
notEmpty:
message: 'Your password is required'
,
stringLength:
min: 4,
max: 30,
message: 'Your password must be between 4 and 30 characters'
,
identical:
field: 'password',
message: 'The password and its confirm are not the same'
)
.on('success.form.fv', function(e)
e.preventDefault();
var $form = $(e.target);
$form.get(0).submit();
return false;
);
);
</script>
</body>
</html>
【问题讨论】:
【参考方案1】:在您的 PHP 代码中,您需要发送电子邮件并设置令牌,因为我可以看到令牌未发送 仅请求密码并且正在发送确认密码。
1- 在表单中放置令牌。
2- 将表单视图设为 PHP 页面以隐藏发送电子邮件。
//CREATE FORM
<form role="form" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" method="post" id = "reset_password">
<fieldset>
<legend>Reset Password</legend>
<div class = "col-md-12 text-center ">
<span class="text-success "><?php if (isset($success_message)) echo $success_message; ?></span>
</div>
<br>
<div class="form-group">
<label for="name">New Password</label>
<input type="password" name="password" placeholder="Password" required class="form-control" />
</div>
<div class="form-group">
<label for="name">Confirm New Password</label>
<input type="password" name="confirmPassword" placeholder="Confirm Password" required class="form-control" />
</div>
</fieldset>
<div class="form-group">
<input type="submit" name="reset_password" value="Login" class="btn btn-primary" />
</div>
<input type="hidden" name="token" value= "random" />
<input type="hidden" name="email" value= <?= $_GET['email'] />
</form>
<div class = "col-md-6 col-md-offset-3 text-center">
<span class="text-danger "><?php if (isset($errormsg)) echo $errormsg; ?></span>
</div>
<br>
<br>
</div>
</div>
【讨论】:
您好,通过“忘记密码”网页发送了一封电子邮件。忘记密码网页将发送一封包含用户电子邮件和令牌的电子邮件。单击该链接后,它将被重定向到此页面,他们可以在其中重置其电子邮件和密码。另一个网页可以在这里查看:thelaunchpadsociety.com/forgot_password_action.php 问题是原始帖子重置了帖子中的电子邮件和令牌,并以某种方式清除了用户的新密码 POST 但是在提交密码重置表单时,您需要知道在哪个电子邮件中更改密码。所以你也需要发送电子邮件。 是的,电子邮件是通过超链接内的变量发送的:thelaunchpadsociety.com/… 在这种情况下,电子邮件是我的电子邮件“vudanthony@gmail.com”,令牌是我的 md5(id),即从 mysql 服务器请求我使用 php $_GET['email'] 和 $_GET['token'] 从超链接中检索变量,所以我知道要更改哪个电子邮件 我是说第二次用户填写密码重置表单。 php 代码将不起作用,因为表单作为 POST 发送,并且您有条件 if(isset($_GET['email']) && isset($_GET['token'])) 不能满足,因为没有发送电子邮件和令牌见网络标签请求。 我发布了一张图片来展示请求的进展情况。以上是关于重置密码 POST 刷新页面而不发布的主要内容,如果未能解决你的问题,请参考以下文章