メールアドレスを入力して秘密の質問に答えた後、ユーザーがパスワードをリセットできるようにするスクリプトを作成しようとしています。問題は、秘密の質問スクリプトが期待どおりに機能しないことです。ユーザーが秘密の質問に答えると、ajax の助けを借りて PHP スクリプトに投稿され、返された応答に応じて ajax をトリガーする responseText を返しますが、返されたテキストが他の条件を満たしている場合、このスクリプトは常に ajax の else 条件を表示します。 ...どんな助けでも大歓迎です。助けてくれてありがとう..
パスワードをリセットする手順は次のとおりです。
- パスワードを忘れたをクリック
- ユーザーのメールアドレスを尋ねる
- 秘密の質問に答える
- メールでリセットリンクを送信
- メールで送信されたリンクをクリックすると、ユーザーは新しいパスワードを作成できるパスワード リセット ページに移動します。
ここにコードがあります
<?php
if(isset($_GET['e'])){
// CONNECT TO THE DATABASE
include_once("php_includes/connect_to_mysqli.php");
// GATHER THE POSTED EMAIL INTO LOCAL VARIABLES AND SANITIZE
$email = mysqli_real_escape_string($db_conx, $_GET['e']);
$sql = "SELECT * FROM useroptions WHERE email='$email' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
$id = $row["id"];
$u = $row["username"];
$q1 = $row["question"];
$q2 = $row["question2"];
$a1 = $row["answer"];
$a2 = $row["answer2"];
}
if ($q1 == "" || $q2 == ""){
header ("location: messages.php?emsg=forget&u=".$u);
exit();
}
}
?>
<?php
// AJAX CALLS THIS CODE TO EXECUTE
if(isset($_POST["pa1"])){
include_once("php_includes/connect_to_mysqli.php");
$e = mysqli_real_escape_string($db_conx, $_POST['em']);
$pa1= $_POST['pa1'];
$pa2= $_POST['pa2'];
$sql = "SELECT * FROM useroptions WHERE email='$e' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
$id = $row["id"];
$a1 = $row["answer"];
$a2 = $row["answer2"];
}
if ($pa1 == $a1 && $pa2 == $a2 && $e == $email ){
$sql = "SELECT id, username FROM user WHERE email='$e' AND activated='1' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$numrows = mysqli_num_rows($query);
if($numrows > 0){
while($row = mysqli_fetch_array($query, MYSQLI_ASSOC)){
$id = $row["id"];
$u = $row["username"];
}
$emailcut = substr($e, 0, 4);
$randNum = rand(10000,99999);
$tempPass = "$emailcut$randNum";
$hashTempPass = md5($tempPass);
$sql = "UPDATE useroptions SET temp_pass='$hashTempPass' WHERE username='$u' LIMIT 1";
$query = mysqli_query($db_conx, $sql);
$to = "$e";
$from = "auto_responder@yousite.com";
$headers ="From: $from\n";
$headers .= "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=iso-8859-1 \n";
$subject ="yoursite Temporary Password";
$msg = '<h2>Hello '.$u.'</h2><p> Email with activation link</p>';
if(mail($to,$subject,$msg,$headers)) {
echo "success";
exit();
} else {
echo "email_send_failed";
exit();
}
}
} else {
echo "no_exist";
}
exit();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Security Answer-</title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" href="css/styles.css">
<style type="text/css">
#securityform{
margin-top:24px;
}
#securityform > div {
margin-top: 12px;
}
#securityform > input {
width: 250px;
padding: 3px;
background: #F3F9DD;
}
#anssubmitbtn {
font-size:15px;
padding: 10px;
}
</style>
<script src="js/main.js"></script>
<script src="js/ajax.js"></script>
<script>
function emptyElement(x){
_(x).innerHTML = "";
}
function ajaxObj( meth, url ) {
var x = new XMLHttpRequest();
x.open( meth, url, true );
x.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
return x;
}
function ajaxReturn(x){
if(x.readyState == 4 && x.status == 200){
return true;
}
}
function forgotpasscon(){
var em = _("email").value;
var pa1 = _("ans1").value;
var pa2 = _("ans2").value;
if(em == "" || pa1 == "" || pa2 == ""){
_("status").innerHTML = "Answer all security questions";
} else {
_("anssubmitbtn").style.display = "none";
_("status").innerHTML = 'please wait ...';
var ajax = ajaxObj("POST", "testconfirm.php");
ajax.onreadystatechange = function() {
if(ajaxReturn(ajax) == true) {
var response = ajax.responseText;
if(ajax.responseText == "success"){
_("securityform").innerHTML = '<h3>Step 2. Check your email inbox in a few minutes</h3><p>You can close this window or tab if you like.</p>';
} else if(ajax.responseText == "no_exist"){
_("status").innerHTML = "Sorry wrong answers";
} else if(ajax.responseText == "email_send_failed"){
_("status").innerHTML = "Mail function failed to execute";
} else {
_("status").innerHTML = "An unknown error occurred"+ajax.responseText;
_("anssubmitbtn").style.display = "block";
}
}
}
ajax.send("em="+em+"&pa1="+pa1+"&pa2="+pa2);
}
}
</script>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
<h3>Step : 2</h3>
<h4>Please answer the following security questions!!</h4>
<form id="securityform" onsubmit="return false;">
<div>Question 1:</div>
<p><?php echo $q1; ?></p>
<input name="ans1" id="ans1" type="text" onfocus="_('status').innerHTML='';" maxlength="100">
<br/><br/>
<div>Question 2:</div>
<p><?php echo $q2; ?></p>
<input name="ans2" id="ans2" type="text" onfocus="_('status').innerHTML='';" maxlength="100">
<br /><br />
<input name="email" id="email" type="hidden" value="<?php echo $email; ?>" />
<button id="anssubmitbtn" onclick="forgotpasscon()">Submit</button>
<p id="status"></p>
</form>
</div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>