douyonglang4845 2015-09-18 15:59
浏览 25

无法弄清楚我做错了什么? PHP脚本重置密码

I got almost everything to work, below you can find the steps that I go through and that already work.

Step1) send an email (with created token) to the email of the user that wants to reset there password

Step2) The user clicks on the provided token link and gets redirected to the reset password form

The problem

Step3) To reset their password they need to fill in the new password and press the reset button. What happens is that everything goes as planned but the database is not updated? I checked if it had something to do with the password hash and salt, but I don't now if that has something to do with it? When registering with my script it creates a 64 byte hex password and 8 byte hex salt. Now when I use the same code, in the reset password script, it creates a password hash of 255 byte hex and also a larger salt then the register form.

Below you can find the code:

------------- DATABASE -------------

`password` char(64) COLLATE utf8_unicode_ci NOT NULL,

`salt` char(16) COLLATE utf8_unicode_ci NOT NULL,

------------- PHP Reset password -------------

require("connect.php");

$key = trim($_GET['key']);

$stmt = $db->prepare('SELECT resetToken, resetComplete FROM members WHERE resetToken = :token');
$stmt->execute(array(':token' => $key));
$row = $stmt->fetch(PDO::FETCH_ASSOC);

//if no token from db then kill the page
if(empty($row['resetToken'])){
    echo 'Invalid token provided, please use the link provided in the reset email.';
} elseif($row['resetComplete'] == 'Yes') {
    echo 'Your password has already been changed!';
}

if (!empty($_POST)) {
    if (empty($_POST['password'])) { 
        echo "Please enter a password!";
        exit();
    } 

    if (empty($_POST['retype'])) { 
        echo "Please retype password!";
        exit();
    } 

    if ($_POST['password'] != $_POST['retype']) { 
        echo "Password doesn't match!";
        exit();
    } 

    $query = "UPDATE members SET password = :password, salt = :salt, resetComplete = 'Yes'  WHERE resetToken = :token";
    $salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647)); 
    $password = hash('sha256', $_POST['password'] . $salt); 
    for ($round = 0; $round < 65536; $round++) { 
        $password = hash('sha256', $password . $salt); 
    }

    $query_params = array(  
        ':password' => $password, 
        ':salt' => $salt, 
        ':token' => $row['resetToken']
    ); 

    try { 
        // Execute the query to create the user 
        $stmt = $db->prepare($query); 
        $result = $stmt->execute($query_params); 
    } catch(PDOException $ex) { 
        die("Failed to run query");
    }

    echo "Change password success";
}
  • 写回答

0条回答 默认 最新

    报告相同问题?

    悬赏问题

    • ¥15 如何用Labview在myRIO上做LCD显示?(语言-开发语言)
    • ¥15 Vue3地图和异步函数使用
    • ¥15 C++ yoloV5改写遇到的问题
    • ¥20 win11修改中文用户名路径
    • ¥15 win2012磁盘空间不足,c盘正常,d盘无法写入
    • ¥15 用土力学知识进行土坡稳定性分析与挡土墙设计
    • ¥70 PlayWright在Java上连接CDP关联本地Chrome启动失败,貌似是Windows端口转发问题
    • ¥15 帮我写一个c++工程
    • ¥30 Eclipse官网打不开,官网首页进不去,显示无法访问此页面,求解决方法
    • ¥15 关于smbclient 库的使用