March 28, 2013
Solved

Question about reset password in lesson08 of David Powers (Dreamweaver CS5 with PHP)

  • March 28, 2013
  • Replies: 1
  • 947 views

I'm at page 299 and found a problem in the reset password page. I managed to receive the email with the link to reset the password. In the reset password form, why is there no checking of the password length entered, or of the password not matching the confirmed password input? Instead it displays the error message 'Sorry, there was an error. Make sure you used the complete URL in the email you received. The URL can be used to change your password only once. If necessary...' The error message 'Passwords don't match' or 'Use 8-15 letters or numbers only' is not processed.

Please help!

Thank You

This topic has been closed for replies.
Best answer by David_Powers

This is a known error in the code in the book and on the CD. The correction has been posted on my website at http://foundationphp.com/phpcs5/errata.php.

The fix is simple. You need to wrap the following line in a conditional statement:

$_SESSION['nomatch'] = TRUE;

The amended code looks like this:

if (!isset($_SESSION['user_id'])) {
    $_SESSION['nomatch'] = TRUE;
}
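The two-request flow behind this fix, as an added example that is not part of the original post or the book's code: it models only the session flag, and assumes the page shows the link error whenever $_SESSION['nomatch'] is TRUE and that the form posts back without the id and token query string. The function resetPage(), its $patched switch and the sample record are hypothetical.

```php
<?php
// Added illustration. Assumptions: the link error is rendered whenever the
// nomatch flag is TRUE, and the form POST carries no ?id=...&token=... string.
const SAMPLE_USER = ['user_id' => '7', 'token' => '0123456789abcdef0123456789abcdef']; // constructed

function resetPage(array &$session, array $get, array $post, bool $patched): string
{
    // Book/CD version sets the flag on every request; the erratum sets it
    // only when no link has been validated in this session.
    if (!$patched || !isset($session['user_id'])) {
        $session['nomatch'] = true;
    }
    if (isset($get['id'], $get['token'])
        && $get['id'] === SAMPLE_USER['user_id']
        && hash_equals(SAMPLE_USER['token'], $get['token'])) {
        $session['user_id'] = $get['id'];
        $session['token'] = $get['token'];
        $session['nomatch'] = false;
    }
    $errors = [];
    if (isset($post['reset'])) {
        $pw = $post['password'] ?? '';
        if (!ctype_alnum($pw) || strlen($pw) < 8 || strlen($pw) > 15) {
            $errors[] = 'Use 8-15 letters or numbers only';
        }
        if ($pw !== ($post['conf_password'] ?? null)) {
            $errors[] = "Passwords don't match";
        }
        // The update only matches a row when the session holds a validated id.
        if (!$errors && isset($session['user_id'])) {
            return 'password updated';
        }
    }
    // Assumed template order: the link error hides the validation messages.
    if ($session['nomatch']) {
        return 'Sorry, there was an error.';
    }
    return $errors ? implode('; ', $errors) : 'show form';
}

$link  = ['id' => '7', 'token' => SAMPLE_USER['token']];
$short = ['reset' => '1', 'password' => 'abc', 'conf_password' => 'abc'];
foreach ([false, true] as $patched) {
    $session = [];
    resetPage($session, $link, [], $patched);   // user clicks the emailed link
    echo($patched ? 'patched:  ' : 'original: ') . resetPage($session, [], $short, $patched) . "\n";
}
$session = [];                                  // no link was ever validated
echo 'no link:  ' . resetPage($session, [], $short, true) . "\n";
```

The last call shows that the conditional does not open the form to a session that never presented a valid id and token: the flag is still set and the link error is still returned.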

1 reply

David_Powers
Inspiring
March 28, 2013

Did the link contain a query string like the one in the screenshot in step 10 on page 293? It needs to contain variables for the id and token. Also, the token stored in the database needs to be 32 characters in length (see the database table structure on page 221).

If the query string appended to the URL is incomplete (which might happen if the token is broken across two lines), clicking the link will result in the same error as shown in step 8 on page 297.

CalvinCCCC (Author)
Inspiring
March 28, 2013

I can see the 32 characters attached to the URL and I can also see the 32 characters stored in the database. It actually can reset the password if entered within the requirement of 8-15. But when I entered less than 8, it does not show the error message of 'Use 8-15 letters or numbers only'.

I noticed that $_SESSION['nomatch'] was assigned to True after the validation of 8-15 length. Below is the code for reference.

<?php
session_start();
$errors = array();
$success = FALSE;
// Set on every request, including the form POST
$_SESSION['nomatch'] = TRUE;
require_once('library.php');
try {
  if (isset($_GET['id']) && isset($_GET['token'])) {
    // Look up the id/token pair from the emailed link
    $id = $dbRead->quote($_GET['id']);
    $token = $dbRead->quote($_GET['token']);
    $sql = "SELECT user_id FROM users WHERE user_id = $id AND token = $token";
    $result = $dbRead->fetchRow($sql);
    if ($result) {
      $_SESSION['user_id'] = $_GET['id'];
      $_SESSION['token'] = $_GET['token'];
      $_SESSION['nomatch'] = FALSE;
    }
  }
  if (isset($_POST['reset'])) {
    // password reset code goes here
    $val = new Zend_Validate();
    $val->addValidator(new Zend_Validate_StringLength(8,15));
    $val->addValidator(new Zend_Validate_Alnum());
    if (!$val->isValid($_POST['password'])) {
      $errors['password'] = 'Use 8-15 letters or numbers only';
    }
    $val = new Zend_Validate_Identical($_POST['password']);
    if (!$val->isValid($_POST['conf_password'])) {
      $errors['conf_password'] = "Passwords don't match";
    }
    if (!$errors) {
      // update the password
      $data = array('password' => sha1($_POST['password']),
                    'token'    => NULL);
      $where['user_id = ?'] = $_SESSION['user_id'];
      $where['token = ?'] = $_SESSION['token'];
      $success = $dbWrite->update('users', $data, $where);
      // clear the session values so the link cannot be reused
      unset($_SESSION['user_id']);
      unset($_SESSION['token']);
      unset($_SESSION['nomatch']);
    }
  }
} catch (Exception $e) {
  echo $e->getMessage();
}

David_Powers
Inspiring
March 28, 2013

Thank you very much! It should be working this time.

I will test it again once I have solved my email sending issue. I just posted to you about the email sending problem when running forgotten.php. Initially everything was fine, until I got the message 'No connection could be made because the target machine actively refused it'. You can refer to my posting at http://forums.adobe.com/message/5187274#5187274.

I'd appreciate it if you can help to solve it.


I've replied in the other thread. When the issues have been fixed, please mark the answer as correct. This will help others who might run into the same or similar problems.