寻找一些好的选项来向用户发送重置密码电子邮件

2022-01-22 00:00:00 reset passwords php html

我想在忘记密码时向用户发送电子邮件,提示他们重置密码.我知道这是有争议的,并且正在寻找一些好的选择/建议/方法/文章可供选择.

I want to send emails to users when the forget their passwords that prompt them to reset their passwords. I know this is debatable and was looking for a few good options/suggestions/methods/articles to choose from.

我正在提示用户按下一个带有 PHP 部分的简单脚本的忘记密码"链接:

I'm prompting users to press a 'forgot password' link with a simple script with the PHP portion doing this:

$Email = $_POST['email'];
$success = false;
$formError = false;

if(isset($_POST['sub_forgot_pw'])) {

    if(empty($_POST['email'])) {
        $formError = "true";
        $error = "Please enter your e-mail address.";
    }else{
        $to = $Email;
        $subject = "Password Help";
        $message = "To reset your password, please <a href='http://www.blahblahblah.org'>Click here</a><br /><br />Do LIFE,<br /> The Team";
        $from = "CysticLife <noreply@cysticlife.org>";
        $headers  = 'MIME-Version: 1.0' . "
";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "
";
        $headers .= "From: $from";
        if(mail($to, $subject, $message, $headers));{
            $success = "true";
        }


    }

}

推荐答案

我是这样做的:

我有 reset_password 表.当有人要求重置时,他们通常会单击您网站上的一个链接,上面写着忘记密码",他们会在其中输入他们注册时使用的电子邮件,然后您的系统会发送一个链接.当然,您首先要确定用户是否已注册.通过从电子邮件 = $_POST['email'] 的用户中进行选择.如果它们存在,则制作一个随机生成的令牌,例如

I have reset_password table. When someone asks for a reset, they usually click a link on your site that says "forgot password" where they enter their email they registered with and your system sends a link. Of course you begin with finding out if the user is registered at all. by selecting from users where email = $_POST['email']. If they exist, make a randomly generated token, like

$token = md5($_POST['email'].time());

但正如 Buh Buh 在下面的评论中所表达的,您可能希望使用一些不太明显的东西来生成您的令牌.crypt() 如果你愿意,可以接受盐模式.

But as Buh Buh expressed in the comment below, you may want to use something a little less obvious to generate your token. crypt() can accept a salt pattern if you like.

在 reset_password 表中插入请求(电子邮件和令牌),然后向他们发送类似

Insert the request (email and token) in the reset_password table, then you send them a link like 

http://www.domain.com/resetpassword.php?token=<?php echo $token; ?>

然后在该文件中获取 $_GET['token'] 并将其与 reset_password 表交叉引用.如果令牌有效,您将向他们展示一个要求他们输入新密码的表格.提交后,选择具有与该令牌相关的电子邮件地址的用户并更新用户表.

Then in that file you take the $_GET['token'] and cross reference it with the reset_password table. If the token is valid, you present them with a form that asks for their new password. Upon submit, select the user with the email address related to that token and update the user table.

相关文章