我在php / silex / twig中建立了一个密码重置系统,该系统将向用户发送带有唯一令牌的密码重置链接.用户访问确认新密码页面后,系统会提示您输入新密码并确认该密码.然后,我有一个功能Confirm_new_password,用于检查密码是否相同(如果它们是更新该特定用户的数据库,然后删除令牌).正如我在数据库中看到的那样,密码更改后一切正常.
但是,我的问题是,当用户尝试使用新密码登录时,我的Flash消息出现错误,提示情况并非如此,详细信息是错误的.
当我使用password_hash函数时,我认为可能与此有关,但是我在将新密码输入数据库之前对其进行了哈希处理,并且正在使用我的登录功能中的password_verify函数运行检查.
最初,我读了this,开始帮助构建重置功能,包括帮助生成随机令牌和带有到期时间的一个时间URL的其他功能.
之后,我阅读了this,这有助于我理解我需要传递隐藏的输入,以便可以根据用户重置密码的方式更新post变量.但是重置密码后似乎无法通过登录问题.
这是我的确认新密码功能
public function confirm_new_password($password1,$password2,$email,$token){
if($password1 === $password2){
$password1 = mysqli_real_escape_string($this->link,$password1);
$password1 = password_hash($password1,PASSWORD_BCRYPT);
$result = mysqli_query($this->link,"update user set password='{$password1}' where email='{$email}' ");
$result1 = mysqli_query($this->link,"update user set token='' where email = '{$email}' ");
return true;
}else{
return false;
}
}
这是树枝模板;
<form class="form-signin" action="/confirm-new-password" method="post">
<h2 class="form-heading">Confirm New Password</h2>
<label for="inputNewPass1" class="sr-only">New Password</label>
<input type="password" id="inputNewPass1" class="form-control" name="pass1" placeholder="New Password" required>
<label for="inputNewPass2" class="sr-only">Re-Type New Password</label>
<input type="password" id="inputNewPass2" class="form-control" name="pass2" placeholder="Re-type New Password" required>
{% if test is defined %}
<input type="hidden" name="email" value="{{ test.email }}">
<input type="hidden" name="token" value="{{ test.token }}">
{% endif %}
<div class="spamCheck">
<label for="inputPostcode" class=sr-only">Postcode</label>
<input type="text" id="inputPostcode" class="form-control" name="postcode" placeholder="Leave this field blank" />
</div>
<button class="btn btn-lg btn-default btn-block" type="submit">Reset Password</button>
</form>
这是后控制器代码;
$app->post('/confirm-new-password', function(Request $request) use($app){
$password1 = $app['request']->get('password1');
$password2 = $app['request']->get('password2');
$email = $app['request']->get('email');
$token = $app['request']->get('token');
if($app['auth']->confirm_new_password($password1,$password2,$email,$token)){
return $app->redirect('/login');
}else{
return $app->redirect('/');
}
});
我要提到的是,该登录名对其他用户而言运行良好,只是在重置密码后才停止工作.以下是登录功能;
public function login($email, $password) {
$email = mysqli_real_escape_string($this->link, $email);
$result = mysqli_query($this->link, "select email, password,type from user where email = '{$email}'");
$row = mysqli_fetch_assoc($result);
if(password_verify($password,$row['password'])){
$user = array('email' => $row['email'], 'type' => $row['type']);
$this->session->set('user', $user);
return true;
} else {
return false;
}
}
这是登录的后控制器方法;
$app->post('/login', function(Request $request) use($app) {
$email = $app['request']->get('email');
$password = $app['request']->get('password');
$postcode = $app['request']->get('postcode');
$post = array($email,$password,$postcode);
$app['auth']->spamBotCheck($post);
$app['auth']->honeyPotCheck($postcode);
if ($app['auth']->login($email, $password)) {
$app['session']->getFlashBag()->add('success','Success! You are now logged in.');
return $app->redirect('/');
} else {
$app['session']->getFlashBag()->add('error','Error! There was an error with your login details, please try again');
return $app->redirect('/login');
}
});
我收到Flash错误,说我的登录详细信息有错误
解决方法:
将我的评论转为其他/免费的答案.
除了给出的其他答案;我看到的方式是,您使用的是name =“ pass1”和name =“ pass2”,但您正在执行get(‘password1’)和get(‘password2’).
>他们需要匹配.
将error reporting添加到文件顶部,这将有助于发现错误.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Then the rest of your code
旁注:显示错误仅应在登台中进行,而不应在生产中进行.