寻找一些好的选项来向用户发送重置密码电子邮件
我想在忘记密码时向用户发送电子邮件,提示他们重置密码。我知道这是有争议的,并且正在寻找一些好的选项/建议/方法/文章可供选择。
我提示用户使用一个简单的脚本按下“忘记密码”链接,其中 PHP 部分执行以下操作:
$Email = $_POST['email'];
$success = false;
$formError = false;
if(isset($_POST['sub_forgot_pw'])) {
if(empty($_POST['email'])) {
$formError = "true";
$error = "Please enter your e-mail address.";
}else{
$to = $Email;
$subject = "Password Help";
$message = "To reset your password, please <a href='http://www.blahblahblah.org'>Click here</a><br /><br />Do LIFE,<br /> The Team";
$from = "CysticLife <[email protected]>";
$headers = 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n";
$headers .= "From: $from";
if(mail($to, $subject, $message, $headers));{
$success = "true";
}
}
}
I want to send emails to users when the forget their passwords that prompt them to reset their passwords. I know this is debatable and was looking for a few good options/suggestions/methods/articles to choose from.
I'm prompting users to press a 'forgot password' link with a simple script with the PHP portion doing this:
$Email = $_POST['email'];
$success = false;
$formError = false;
if(isset($_POST['sub_forgot_pw'])) {
if(empty($_POST['email'])) {
$formError = "true";
$error = "Please enter your e-mail address.";
}else{
$to = $Email;
$subject = "Password Help";
$message = "To reset your password, please <a href='http://www.blahblahblah.org'>Click here</a><br /><br />Do LIFE,<br /> The Team";
$from = "CysticLife <[email protected]>";
$headers = 'MIME-Version: 1.0' . "\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\n";
$headers .= "From: $from";
if(mail($to, $subject, $message, $headers));{
$success = "true";
}
}
}
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
这就是我所做的:
我有 Reset_password 表。当有人要求重置时,他们通常会点击您网站上的“忘记密码”链接,在其中输入注册时使用的电子邮件,然后您的系统会发送一个链接。
当然,您首先要查明用户是否已注册。通过从 email = $_POST['email'] 的用户中进行选择。
如果它们存在,请制作一个随机生成的令牌,就像
Buh Buh 在下面的评论中所表达的那样,您可能需要使用一些不太明显的东西来生成您的令牌。如果您愿意,crypt() 可以接受盐模式。
在reset_password 表中插入请求(电子邮件和令牌),然后向他们发送类似的链接
,然后在该文件中获取$_GET['token'] 并将其与reset_password 表交叉引用。如果令牌有效,您将向他们提供一份表格,要求他们输入新密码。
提交后,选择具有与该令牌相关的电子邮件地址的用户并更新用户表。
Here's what I do:
I have reset_password table. When someone asks for a reset, they usually click a link on your site that says "forgot password" where they enter their email they registered with and your system sends a link.
Of course you begin with finding out if the user is registered at all. by selecting from users where email = $_POST['email'].
If they exist, make a randomly generated token, like
But as Buh Buh expressed in the comment below, you may want to use something a little less obvious to generate your token. crypt() can accept a salt pattern if you like.
Insert the request (email and token) in the reset_password table, then you send them a link like
Then in that file you take the $_GET['token'] and cross reference it with the reset_password table. If the token is valid, you present them with a form that asks for their new password.
Upon submit, select the user with the email address related to that token and update the user table.
任何嗅探网络的人都存在丢失 URL 的危险。为了避免这种情况,您可以生成一个随机短密钥(例如 vX4dq)并将其保存在数据库中。请用户记住这一点。当用户通过链接重置时,要求他/她输入只有他自己知道的密钥。
高级:- 您可以在验证码中显示此密钥,这样它就不会被嗅探。
There is a danger of loosing out the url to anyone who sniffs network. To avoid this, you may generate a random short key such as vX4dq and save it in your database. Ask user to remember this. When a user resets via the link, ask him/her to enter this key only known to him.
Advanced :- you may show this key in a captcha so that it doesn't get sniffed.