douxun3496 2017-06-02 00:19
Views: 83
Accepted

The page for entering the one-time password does not appear after sending the OTP to the user with PHP

I am working on a class project, but I am stuck a little bit.

I am working on a login form, which authorizes a user to enter a one-time-password that is being sent to the user's email.

So far, the otp and the current time and date are being saved to the database successfully.

I have also managed to send the code to the user's email but once it is sent, the page does not navigate to the form where the user is supposed to enter the one-time-password.

All that works is this part here:

    <form method="post" action="">
        .
        .
        .
    <div class="form-top-left">
        <h3>Log in</h3>
      </div>
         <div class="form-top-right">
            <i class="fa fa-key"></i>
         </div>
        <p id="profile-name" class="profile-name-card"></p>
        <?php if(!empty($error_message)) { ?>   
        <div class="error-message"><?php if(isset($error_message)) echo $error_message; ?></div>
        <?php } ?> 
        <span id="reauth-email" class="reauth-email"></span>
            <input type="email" id="inputEmail" name="form_email" class="form-control" placeholder="Email address" required autofocus>
            <input type="password" name="form_password" id="inputPassword" class="form-control" placeholder="Password" required>
            <input class="btn btn-lg btn-primary btn-block btn-signin" type="submit" name="login" value="Sign in">

        <div class="text-center">
        <a href="wlt_passwordreset.php" class="forgot-password">
            Forgot the password?
        </a>
        </div>
        <hr>
        <form class="form-signin" action="http://localhost/Dreamweaver/regist.php">
        <input type="submit" value="Sign Up" class="btn btn-lg btn-primary btn-block btn-signup">
        .
        .
        .
    </form>

What could be the problem? Can someone please help me with this? Thank you.

Here is the html part:

<html>
<head>
<title>Home</title>
</head>

<body>
<div id="wrapper">

    <!-- Navigation -->
    <nav class="navbar navbar-inverse navbar-static-top" role="navigation" style="margin-bottom:20px">
        <div class="navbar-header">
            <a class="navbar-inverse" href="http://localhost/Dreamweaver/index.php"><img src="img/neza.png" alt="logo"></a>
        </div>
        <!-- /.navbar-header -->

    </nav>
    </div>

   <div class="container">
   <div class="card card-container"> 
   <form class="form-signin" method="post" action=""> 
   <?php 
    if($success == 1) { 
   ?>
               <div class="form-wrap">
                 <h2>A verification code has been sent to <?php echo htmlspecialchars($row["form_email"]); ?>. Please enter it below to verify your account.</h2>
                        <?php if(!empty($error_message)) { ?> 
                        <div class="error-message"><?php if(isset($error_message)) echo $error_message; ?></div>
                        <?php } ?> 
                    <div class="form-group">
                        <label for="key">Verification Code:</label>
                        <input type="password" name="otp" id="key" class="form-control">
                    </div>
                    <input type="submit" id="btn-login" class="btn btn-custom btn-lg btn-block" name="submit_otp" value="Verify Account">
                 <h2>Did not receive the verification code?</h2>
                 <!---- <form id="login-form"> ------>
                 <input type="submit" id="btn-login" class="btn btn-custom1 btn-lg btn-block" value="Resend Code">
                <!----- </form> ----->
              </div> <!---/form-wrap----->
        <?php 
        } elseif ($success == 2) {
            header("Location: fomu.php");
        }else {
        ?>
      <div class="form-top-left">
        <h3>Log in</h3>
      </div>
         <div class="form-top-right">
            <i class="fa fa-key"></i>
         </div>
        <p id="profile-name" class="profile-name-card"></p>
        <?php if(!empty($error_message)) { ?> 
        <div class="error-message"><?php if(isset($error_message)) echo $error_message; ?></div>
        <?php } ?> 
        <span id="reauth-email" class="reauth-email"></span>
            <input type="email" id="inputEmail" name="form_email" class="form-control" placeholder="Email address" required autofocus>
            <input type="password" name="form_password" id="inputPassword" class="form-control" placeholder="Password" required>
            <input class="btn btn-lg btn-primary btn-block btn-signin" type="submit" name="login" value="Sign in">
            
        <div class="text-center">
        <a href="wlt_passwordreset.php" class="forgot-password">
            Forgot the password?
        </a>
        </div>
        <hr>
        <form class="form-signin" action="http://localhost/Dreamweaver/regist.php">
        <input type="submit" value="Sign Up" class="btn btn-lg btn-primary btn-block btn-signup">
        </form>
         <?php 
        }
        ?>
    </form>
    </div><!-- /card-container -->
    <div class="container">
            <div class="row">
                    <div class="col-lg-12 col-md-12 col-sm-12">
                    <div class="text-centre">
                        <a class="text-new" href="#">Privacy|</a>
                        <a class="text-new" href="#">Security|</a>
                        <a class="text-new" href="#">Fees</a>
                    </div>
                </div> <!---/row--->
                
            </div> <!---/container--->
     </div><!-- /container1--> 

    

     <!-- jQuery -->
    <script src="js/jquery-1.11.1.min.js"></script>


    <script src="logwin.js"></script>
    <script src="bootstrap.min.js"></script>
    <script src="js/mscript.js"></script>
    <script src="js/scripts.js"></script>
    <script src="js/jquery.backstretch.min.js"></script>

    </body>
    </html>

Here is the dbtest.php used to INSERT TO the db:

<?php
class DBController {
private $host = "localhost";
private $user = "root";
private $password = "myPassword";
private $database = "myDB";
private $conn;

function __construct() {
    $this->conn = $this->connectDB();
}

function connectDB() {
    $conn = mysqli_connect($this->host,$this->user,$this->password,$this->database);
    return $conn;
}

function runQuery($query) {
    $resultset = [];
    $result = mysqli_query($this->conn,$query);
    while($row=mysqli_fetch_assoc($result)) {
        $resultset[] = $row;
    }       
        return $resultset;
}

function numRows($query) {
    $result  = mysqli_query($this->conn,$query);
    $rowcount = mysqli_num_rows($result);
    return $rowcount;   
}

function updateQuery($query) {
    $result = mysqli_query($this->conn,$query);
    if (!$result) {
        die('Invalid query: ' . mysqli_error($this->conn));
    } else {
        return $result;
    }
}

function insertQuery($query) {
    $result = mysqli_query($this->conn,$query);
    if (!$result) {
        die('Invalid query: ' . mysqli_error($this->conn));
    } else {
        return $result;
    }
}

function deleteQuery($query) {
    $result = mysqli_query($this->conn,$query);
    if (!$result) {
        die('Invalid query: ' . mysqli_error($this->conn));
    } else {
        return $result;
    }
}
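// Builds a random code in which no two adjacent characters are equal.
function generate_OTP($length = 8, $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPRQSTUVWXYZ0123456789'){
    $chars_length = (strlen($chars) - 1);
    // Square brackets: the $str{...} offset syntax was removed in PHP 8.
    $string = $chars[rand(0, $chars_length)];
    for ($i = 1; $i < $length; $i = strlen($string)){
        $r = $chars[rand(0, $chars_length)];
        // Append only when the new character differs from the previous one.
        if ($r != $string[$i - 1]) $string .=  $r;
    }
    return $string;
}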
function getConn(){
    return $this->conn;
}
}
?>

Here is the PHP code that I am referring to:

<?php 
session_start();
$success = "";
require_once('dbtest.php');
$db = new DBController();
if(isset($_POST["login"])) {
   $result = $db->runQuery("SELECT * FROM registered_users WHERE 
   form_email='" . $_POST["form_email"] . "' AND status = 'active' ");
 if (!empty($result)){
    foreach($result as $row){
        //Verify password
         if ( $row['form_password'] === crypt( $_POST["form_password"], $row['form_password'] ) ) {
            $otp = $db->generate_OTP();
            require_once("mail_function.php");
            $mail_status = sendOTP($_POST["form_email"],$otp);
            if($mail_status == 1) {
            $query = "UPDATE registered_users SET `otp` = '" . $otp . "', `is_expired` = 0, `create_at` = '" . date("Y-m-d H:i:s"). "'  WHERE form_email = '" . $_POST["form_email"] . "'";
            $result = $db->updateQuery($query);
                if(!empty($result)){
                $current_id = mysqli_insert_id($db->getConn());
                        if(!empty($current_id)) {
                            $success = 1;
                        }
                }
            } 
         }
         else {
             $error_message = "Email or password is incorrect!";
         }
    }
}
else {
     $error_message = "Email or password is incorrect!";
     }
}
if(isset($_POST["submit_otp"])) {
  $result = $db->runQuery("SELECT * FROM registered_users WHERE otp='" . $_POST["otp"] . "' AND is_expired!=1 AND NOW() <= DATE_ADD(create_at, INTERVAL 24 HOUR)");
if(!empty($result)) {
    $query = "UPDATE registered_users SET `is_expired` = 1 WHERE otp = '" . $_POST["otp"] . "'";
    $result = $db->updateQuery($query);
    $success = 2;   
}else {
    $success = 1;
    $error_message = "Invalid OTP!";
 }  
}
?>
</div>

1 answer

  • duanna2026 2017-06-02 00:56

    Bad syntax: you have the <html> tag inside the <form>, that should not happen. The <html> should only be used once at the beginning to open it and end at the end to close it.

    UPDATE:

    Also, mysqli_insert_id() expects the link identifier of the last mysqli_connect used. In your code, you're supplying it with $conn, but $conn is not what's being used in the DBController class.

    To fix this:

    1. add this method to your DBController class:

      function getConn(){
          return $this->conn;
      }
      
    2. then change this:

      $result = $db_handle->insertQuery($query);
      if (!empty($result)) {
          $current_id = mysqli_insert_id($conn);
          if (!empty($current_id)) {
              $success = 1;
          }
      }
      

      to this:

      $result = $db_handle->insertQuery($query);
      if (!empty($result)) {
          $current_id = mysqli_insert_id($db_handle->getConn());
          if (!empty($current_id)) {
              $success = 1;
          }
      }
      

    UPDATE2:

    You asked this "After adding this method function getConn(){ return $this->conn; } I find some errors working with mysqli_fetch_array(). I am using if(!empty($result->num_rows)){while($rowcount = $result->fetch_assoc()){$row['password'];}}"

    Look at what runQuery() does:

    function runQuery($query) {
        $result = mysqli_query($this->conn,$query);
        while($row=mysqli_fetch_assoc($result)) {
            $resultset[] = $row;
        }       
        if(!empty($resultset))
            return $resultset;
    }
    

    It runs your SQL query, then if there are any results, it returns an array $resultset. The problem is that you are not accounting for empty results. So let's add that, change it to this:

    function runQuery($query) {
        $resultset = [];
        $result = mysqli_query($this->conn,$query);
        while($row=mysqli_fetch_assoc($result)) {
            $resultset[] = $row;
        }
        return $resultset;
    }
    

    Now it will return an empty array, or an array with your results.

    And you can call it with:

    $result = $db->runQuery("SELECT * FROM registered_users WHERE form_email='" . $_POST["form_email"] . "' AND status = 'active' ");
    

    and use $result like this:

    if(!empty($result)){
       foreach($result as $row){
          echo $row['password'];
       }
    }
    
    This answer was selected as the best answer by the asker.
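
The OTP flow discussed in this thread, rewritten as an added example (not code from the question or the answer): bound parameters instead of concatenating `$_POST` values into SQL, `random_int()` instead of `rand()`, the affected-row count instead of `mysqli_insert_id()` after an `UPDATE`, and a code that is tied to one account, stored hashed, and usable once. Assumptions: PDO with an in-memory SQLite database stands in for the thread's mysqli/MySQL connection so the block runs stand-alone, and the function names and the `otp_hash` / `otp_expires` columns are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example. Hypothetical schema: otp_hash / otp_expires replace otp / create_at.
function generateOtp(int $length = 8): string {
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $otp = '';
    for ($i = 0; $i < $length; $i++) {
        $otp .= $chars[random_int(0, strlen($chars) - 1)]; // CSPRNG, not rand()
    }
    return $otp;
}

function issueOtp(PDO $db, string $email, int $ttl = 600): ?string {
    $otp = generateOtp();
    $stmt = $db->prepare("UPDATE registered_users SET otp_hash = ?, otp_expires = ?
                          WHERE form_email = ? AND status = 'active'");
    $stmt->execute([hash('sha256', $otp), time() + $ttl, $email]);
    // An UPDATE normally generates no auto-increment id, so count affected rows.
    return $stmt->rowCount() === 1 ? $otp : null;
}

function verifyOtp(PDO $db, string $email, string $otp): bool {
    // Look up by the account that passed the password step, never by the OTP alone.
    $stmt = $db->prepare("SELECT otp_hash, otp_expires FROM registered_users
                          WHERE form_email = ?");
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['otp_hash'] === null || time() > (int) $row['otp_expires']) {
        return false;
    }
    if (!hash_equals($row['otp_hash'], hash('sha256', $otp))) {
        return false;
    }
    // Single use: clear the stored code once it has been accepted.
    $db->prepare("UPDATE registered_users SET otp_hash = NULL WHERE form_email = ?")
       ->execute([$email]);
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec("CREATE TABLE registered_users (form_email TEXT PRIMARY KEY,
           status TEXT, otp_hash TEXT, otp_expires INTEGER)");
$db->prepare("INSERT INTO registered_users (form_email, status) VALUES (?, 'active')")
   ->execute(["o'brien@example.test"]); // apostrophe is safe in a bound parameter
$otp = issueOtp($db, "o'brien@example.test");
var_dump(verifyOtp($db, "o'brien@example.test", $otp));   // first use
var_dump(verifyOtp($db, "o'brien@example.test", $otp));   // replay of the same code
var_dump(issueOtp($db, 'nobody@example.test'));           // unknown account
```

With mysqli the same pattern is `$conn->prepare(...)`, `$stmt->bind_param(...)`, `$stmt->execute()` and `$stmt->affected_rows`.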