当前位置: 文江博客话题详情

三步而不是四步忘记密码功能

发布于 2024-12-22 03:23:56 字数 747 浏览 5 评论 0原文

我正在使用 EZ Publish CMS:

当前发生的情况:

  1. 在忘记密码页面中,用户输入他们输入的电子邮件地址 用于注册和提交

  2. 用户收到一封包含密码生成链接的电子邮件,其中 使用哈希来确认其身份。

  3. 用户收到一封包含新生成的密码的电子邮件

  4. 用户使用电子邮件中的链接返回网站 到一个要求旧密码的表单(刚刚生成的 并已发送到他们的电子邮件)并让他们输入新的 密码。

我想要发生的事情:

  1. 从“忘记密码”页面,用户输入他们的电子邮件地址 用于注册和提交

  2. 用户收到一封电子邮件,其中包含“输入新密码”表单的链接

  3. 在“输入新密码”页面上密码”形式,用户不需要输入旧的 密码,因为身份已经通过哈希确认 因此只需输入新密码即可。

我正在使用 EZMBPAEX 扩展,它具有原始的 4 个步骤过程。 似乎没有任何关于删除“通过电子邮件向用户发送新密码”步骤的文档或讨论,但我的客户有非常严格的不通过电子邮件发送密码政策,所以我不能灵活处理这。

有谁知道在哪里可以找到有关如何编辑此功能的文档?

我认为需要编辑的文件位于:
/extension/ezmbpaex/modules/userpaex/forgotpassword.php

原文

I am using the EZ Publish CMS:

What is currently happening:

  1. From the forgot password page, user enters the email address that they
    used to register and submits

  2. User receives an email with a password generating link which
    uses a hash to confirm their identity.

  3. User receives an email with a freshly generated password

  4. User returns to site using the link from their email which takes them
    to a form that asks for the old password (which was just generated
    and has been sent to their email) and for them to enter a new
    password.

What I want to happen:

  1. From the "forgot password" page, user enters the email address that they
    used to register and submits

  2. User receives an email with a link to the "enter new password" form

  3. On the "enter new password" form, user is not required to enter old
    password because identity has already been confirmed by hash and
    therefore only has to enter the new password.

I am using the EZMBPAEX extension which has the original 4 step process.
There doesn't seem to be any documentation or discussion about removing the "email the user a new password" step but my client has a very strict no passwords sent by email policy so I can't flex on this.

Does anyone know where I can find documentation on how to edit this functionality?

I think the file that will need to be edited is located in:
/extension/ezmbpaex/modules/userpaex/forgotpassword.php

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

淡忘如思 2024-12-29 03:23:56

首先创建一个函数来为您生成一个随机字符串,假设您需要创建一个 32 个字符的随机字符串,选择您想要的任意数量的字符

函数生成随机代码,该代码将通过电子邮件发送并添加到数据库

 function genRandomString() {
 $length = 32;
 $characters = "0123456789abcdefghijklmnopqrstuvwxyz";
$string ="";
for ($p = 0; $p < $length; $p++) {
    $string .= $characters[mt_rand(0, (strlen($characters))-1)];
}

return $string;
}

下一步,使用 php myAdmin 创建一个新表,该表名为forged_pa​​sses,其中包含三列,假设您已经这样做了,

   $key = genRandomString(); // assign random code
$assign = $db->query("INSERT INTO `YOUR_DB_NAME`.`forgotten_pass` (`email` ,`randomKey` , `time`)

    VALUES ('$email', '$key', CURRENT_TIMESTAMP );");

下一步发送一封电子邮件,其中包含指向您的resetpassword.php页面的链接(用户要求选择新密码的页面)并确认它,但不要忘记将生成的密钥分配给 get 变量,这很简单,只需当您链接

www.yourdomain.com/pass_reset.php ( ADD ?secretkey=THE_GENERATED_HERE )

时,链接就会发送到电子邮件地址需要重置密码的人的信息应包含以下内容:

您好用户名,要重置您的密码,请单击下面的链接或将其复制/粘贴到您的浏览器中

链接:http://www.yourdomain.com/pass_reset.php?secretKey=a12s236d5c8d4fkejus10a1s2d4c8741

当用户点击该链接,他将转到一个页面,该页面验证他的电子邮件及其在sql数据库中相应的随机密钥,如果发现确实有一封电子邮件和该随机密钥,那么用户确实确认了这是电子邮件,因此该页面应该包含如下所示:

    <?php 
   if (isset($_GET['secretKey'])) {
   $secretKey = $_GET['secretKey'];

     // Check wether it really exist in database
   $sql = 'select * from forgotten_pass WHERE email=$The_User_Email and  randomKey='$secretKey'';

       }

现在,只需计算行数,看看是否有返回的数据,如果有返回的数据,而不是用户真正连接到其收件箱并单击了链接。

只需执行以下操作:

     if mysql_num_rows($sql)>0 {         echo "Success, ";
     ?>
     // in this part type the html code which displays two inputs text, password
     // and confirm password that connect to database and update the user's password

     <form method="post" action="passupdate.php">
     <input name="password" value =""/>
     <input name"confirmedPassword" value=""/>
     <input type="submit" value="Save my new password"> 
     </form>
      <?php

      } else {

     echo "Sorry, invalid reset link";

     }

First of All create a function to generate a random string for you, let's say you need to create a random string of 32 caracters, choose any number of caracters you want

Function to generate random code which will be sent by email and added to db

 function genRandomString() {
 $length = 32;
 $characters = "0123456789abcdefghijklmnopqrstuvwxyz";
$string ="";
for ($p = 0; $p < $length; $p++) {
    $string .= $characters[mt_rand(0, (strlen($characters))-1)];
}

return $string;
}

Next, create a new table using php myAdmin, a table names forgotten_passes which contain three columns, let's say you already did that

   $key = genRandomString(); // assign random code
$assign = $db->query("INSERT INTO `YOUR_DB_NAME`.`forgotten_pass` (`email` ,`randomKey` , `time`)

    VALUES ('$email', '$key', CURRENT_TIMESTAMP );");

Next send an email which contain a link to your resetpassword.php page ( the page where user asked to choose a new password and confirm it, but do not forget to assign the generated key to a get variable , that's easy, just when you the link

www.yourdomain.com/pass_reset.php ( ADD ?secretkey=THE_GENERATED_HERE )

so the link sent to the email adresse of the person who need to reset the password should contain something like :

Hello username, to reset your password click on the link below or copy/past it into your browser

The link : http://www.yourdomain.com/pass_reset.php?secretKey=a12s236d5c8d4fkejus10a1s2d4c8741

When user click on the link, he will go to a page which verify his email and its corresponding random key in sql database, if it found that there are really an email and that random kay, then the user is really confirmed it's email, so this page should contain something like below :

    <?php 
   if (isset($_GET['secretKey'])) {
   $secretKey = $_GET['secretKey'];

     // Check wether it really exist in database
   $sql = 'select * from forgotten_pass WHERE email=$The_User_Email and  randomKey='$secretKey'';

       }

Now, just count the number of rows to see if there are returned data, if there are returned data than the user really connected to its inbox and clicked the link.

Just do the following :

     if mysql_num_rows($sql)>0 {         echo "Success, ";
     ?>
     // in this part type the html code which displays two inputs text, password
     // and confirm password that connect to database and update the user's password

     <form method="post" action="passupdate.php">
     <input name="password" value =""/>
     <input name"confirmedPassword" value=""/>
     <input type="submit" value="Save my new password"> 
     </form>
      <?php

      } else {

     echo "Sorry, invalid reset link";

     }
回复 原文
じ违心 2024-12-29 03:23:56

当我更新插件时,它有我想要的步骤数。

When I updated the plugin it had the number of steps I wanted.

回复 原文
~没有更多了~

关于作者

云淡风轻

暂无简介

文章
评论
28 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

qq_aHcEbj

文章 0 评论 0

qq_ikhFfg

文章 0 评论 0

寻找我们的幸福

文章 0 评论 0

把昨日还给我

文章 0 评论 0

wj_zym

文章 0 评论 0

巴黎夜雨

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文