忘记密码无效

Question

我有一些脚本从互联网上，允许客户重置他们的密码，如果他们需要，但我似乎无法使它工作。

我就是这样实施的：

<?php 
    error_reporting(0);
    $EmailAddress=$_POST['EmailAddress'];

    if($_POST['submit']=='Send')
    {
        require "db.inc";
        $query="SELECT * from members WHERE EmailAddress='$EmailAddress'";
        $result=mysql_query($query) or die(error);

        if(mysql_num_rows($result))
        {
            echo "User exist";
        }
        else
        {
            echo "No user exist with this email id1";
        }
    }


    if(mysql_num_rows($result))
    {
        $code=rand(100,999);
        $message="You activation link is: http://yourwebsitename.com/forgot.php?    EmailAddress=$EmailAddress&code=$code";
        mail($EmailAddress, "Subject Goes Here", $message);
        echo "Email sent";
    }
    else
    {
        echo "No user exist with this email id2";
    }
?>

这是重定向到此页面的表单。

<form method="POST" action="EmailPassword.php">
    <div class="Row">
        <div class="Lable">Email Address:</div> <!--End of Lable-->
        <div class="input">
            <input type="email" id="EmailAddress" class="detail" name="EmailAddress" placeholder="Email Address" required />
        </div> <!--End input-->
    </div> <!--End row-->

    <br />
    <div class="submit">
        <input type="submit" id="Reset" Name="submit" value="Send Password" /> 
    </div><!--End of .submit-->
</form>

我所犯的错误是

此电子邮件id2不存在任何用户。

Answer 1

您需要将随机代码写入数据库(或任何您想要的地方)，并将其绑定到用户的电子邮件中。然后，当用户打开激活链接时，您需要一段类似于您必须处理的代码。但是，这一次您将读取GET变量，并选择与email 和临时代码匹配的数据库记录。例如，就像这样：

SELECT id FROM members WHERE EmailAddress='$EmailAddress' AND tmpCode='$code'; 
// make sure to sanitize those inputs, otherwise Bobby Tables might join in!!
// this query assumes you have a varChar field tmpCode in your members table

只有在此之后，您才能向用户发送新密码或将其带到屏幕上。

见鲍比桌