I've got a basic registration, login, profile page webpage up and running and have recently begun implementing forgot password functionality.
Everything seems to be running, but my update queries just don't seem to fire.
For example, the code on my forgot password page creates a new reset key if the email address and things match and then emails the code inside a link (i.e www.mydomain.net/forgotpassword.php?key=xxx).
The page tests if a key is present when you land, the code of which is below:
include ('database_connection.php');
session_start();
if($_GET['key'])
{
$key = $_GET['key'];
$query_check_key = "SELECT * FROM password_reset WHERE Reset_link='$key' AND Expiration>=NOW() AND used=0";
$result_check_key = mysqli_query($dbc, $query_check_key);
$result_check_row = $result_check_key->fetch_array(MYSQLI_ASSOC);
if(!$result_check_key) {
echo "Error";
}
if (mysqli_num_rows($result_check_key) == 1)
{
// Update the database to set the "used" field to 1
$query_link_used = "UPDATE password_reset SET Used=1 WHERE Reset_link='$key'";
$result_link_used = mysqli_query($dbc, $query_activate_account) ;
$_SESSION['Memberid'] = $result_check_row['Memberid'];
header("Location: reset_password.php");
}
}
The if statement evaluates to true when I try this as the page is redirected to reset_password.php and the session is successfully created correctly. But when I check the database table the Used field has not been updated.
Similarly on the reset_password.php page the update query won't work either:
if (empty($error))
{
//Query to change password
$query_change_password = "UPDATE members SET Password=$hashed_password WHERE Memberid=$Memberid";
$result_change_password = mysqli_query($dbc, $query_change_password);
if (mysqli_affected_rows($dbc) > 0)//if update query was successful
{
echo '<div class="success">Your password has now been reset. You may now <a href="login.php">Log in</a></div>';
} else
{
echo '<div class="errormsgbox">Oops !Your password could not be reset. Please contact the system administrator.</div>';
}
mysqli_close($dbc);
}
The error array is definitely empty and the if statement checking the affected rows remains at 0 as that statement returns false and falls back to the else statement.
I've run the queries in PHPMyAdmin and they work fine so I cannot see what the issue is. Any help is greatly appreciated.
start session in your reset_password.php page and update query string:
session_start();
if (empty($error))
{
$Memberid = $_SESSION['Memberid'];
//Query to change password
$query_change_password = "UPDATE members SET Password='$hashed_password' WHERE Memberid='$Memberid'";
이 기사는 인터넷에서 수집됩니다. 재 인쇄 할 때 출처를 알려주십시오.
침해가 발생한 경우 연락 주시기 바랍니다[email protected] 삭제
몇 마디 만하겠습니다