堆栈内存溢出
  简体   繁体   English

如何通过电子邮件发送用户新链接来创建密码

[英]How to Email user new link to create a password

 原文  2013-03-03 21:44:49       php/ email/ passwords/ reset

问题描述

According to this other post, I need to: 根据这篇文章,我需要:

PHP password recovery You don't 'recover' passwords. PHP密码恢复您没有“恢复”密码。 What you do is one of 2 things. 你做的是两件事之一。

  1. Email the user a link to create a new password, overriding the current one. 通过电子邮件向用户发送一个链接以创建新密码,覆盖当前密码。
  2. Email the user a randomly generated password, then ask them to change it. 通过电子邮件向用户发送随机生成的密码,然后让他们更改密码。

I've bitten off a huge project, and I desperately request working examples, or at least your best advice on how to do this; 我已经咬了一个大项目,我拼命地请求工作实例,或者至少是你如何做到最好的建议; for ex: #1 email user link to create a new password, overriding the current one. 例如:#1电子邮件用户链接以创建新密码,覆盖当前密码。 I am told the db has password salting, and uses Blowfish. 我被告知db有密码salting,并使用Blowfish。 I really do not know exactly what that means, and I am going over the code to try to figure out how to add a "Reset Password?" 我真的不知道究竟是什么意思,我正在查看代码以试图找出如何添加“重置密码?” link to their current login page. 链接到他们当前的登录页面。

Then, if you are so inclined, could you assist with how to email the user a randomly generated pw, then as them to change it [#2 above? 然后,如果您如此倾向,您是否可以协助如何通过电子邮件向用户发送随机生成的pw,然后将其更改为[上面的#2?

The tasks are as-is and I don't know what code to provide so far; 任务是按原样的,我不知道到目前为止提供什么代码; I'm hoping someone who has done this can show me what works, and I will try to implement it. 我希望有人这样做可以告诉我什么有用,我会尝试实现它。 I appreciate your help! 我感谢您的帮助!

1 个解决方案

解决方案1
 4  2013-03-04 09:27:39

The usual way to generate password resets looks like this: 生成密码重置的常用方法如下所示:

  1. Check that the email address belongs to a registered user. 检查电子邮件地址是否属于注册用户。
  2. Generate a random unpredictable code. 生成随机不可预测的代码。
  3. Store this code hashed in the database, together with the user-id and an expiry date. 将此代码存储在数据库中,同时存储用户ID和有效期。
  4. Send a link with this code to the given email address, so only the user itself will get this link. 将包含此代码的链接发送到指定的电子邮件地址,以便只有用户自己才能获得此链接。
  5. When the user clicks the link, extract the code, and check if its hash is in the database. 当用户单击链接时,提取代码,并检查其散列是否在数据库中。
  6. If it is in the database and did not already expire, you know the user-id and you can allow the user to enter a new password (do not send a self generated password to the user). 如果它在数据库中并且尚未到期,则您知道用户ID,并且您可以允许用户输入新密码(不要向用户发送自生密码)。
  7. Mark the code as used or delete it from the database. 将代码标记为已使用或将其从数据库中删除。

I hope this could give you an idea of the necessary steps. 我希望这可以让你了解必要的步骤。 If you want to learn more about BCrypt and salting, you can have a look at this tutorial about hashing passwords. 如果您想了解有关BCrypt和salting的更多信息,可以查看本教程中有关散列密码的内容。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 为 laravel 中的用户创建新密码 - Create a new password for user in laravel 用户忘记密码时将密码链接发送到电子邮件 - Sending password link to email when user forget password 管理员从管理仪表板创建新用户后,Laravel 发送“创建密码电子邮件” - Laravel Send "create password email" after admin created new user from Admin Dashboard 如何发送带有链接的电子邮件以在 PHP 中重置密码 - How to send an email with a link to reset password in PHP 以magento编程方式创建并向客户重置密码链接发送电子邮件 - Create and send email to customer reset password link programmatically in magento Moodle API创建用户,生成密码和电子邮件用户 - Moodle API create user, generate password and email user 如何从Wordpress中的新用户欢迎电子邮件中的密码链接中删除&lt;&gt;字符? - How can I remove the <> characters from the password link in the new user welcome e-mail in Wordpress? Magento密码字段在新帐户创建电子邮件中为空白 - Magento password field is blank in new account create email 在恢复密码电子邮件中使用md5密码作为令牌有多不安全? - how unsafe is to user the md5 password as token in the recover password email? 如何定期为用户生成新密码并通知用户新密码? - How to generate a new password for users periodically and notify user of new password?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM