堆栈内存溢出
  简体   繁体   English

使用bcrypt密码-忘记密码的电子邮件

[英]Using bcrypt for passwords- forgotten password email

 原文  2016-04-05 10:05:12       php/ mysqli/ bcrypt

问题描述

I have recently implemented bcrypt for user passwords. 我最近为用户密码实现了bcrypt。 I have managed to get the password to hash when the user registers, and they can login to their account with the password they registered with (not the hashed version) by comparing them against each other. 我设法使密码在用户注册时进行哈希处理,并且他们可以通过相互比较来使用注册时使用的密码(不是哈希版本)登录到自己的帐户。 My problem is- I am working on a forgotten password email page that sends an email to the user stating their password, HOWEVER it sends the hashed version. 我的问题是-我正在一个忘记密码的电子邮件页面上工作,该页面向用户发送一封电子邮件,说明他们的密码,但是它会发送哈希版本。 Is there any way around this that I could state the old one or is this impossible? 有什么办法可以解决这个问题吗?还是不可能? I know this is not very safe, however it is only a small personal project I am completing and is not live. 我知道这不是很安全,但是这只是我正在完成的一个很小的个人项目,并且不可行。

Here is my forgot.php 这是我的forgot.php 

<?php
if (isset($_POST['email'])){
$email = $_POST['email'];
$sql="select * from user where email='$email'";
$result   = mysqli_query($mysqli_conn, $sql);
$count=mysqli_num_rows($result);

if($count==1)
{
    $rows=mysqli_fetch_array($result);
    $pass  =  $rows['password'];//FETCHING PASS
    //echo "your pass is ::".($pass)."";
    $to = $rows['email'];
    //echo "your email is ::".$email;
    //Details for sending E-mail
    $from = "Website";
    $url = "www.website.com";
    $body  =  "Password recovery
    -----------------------------------------------
    Url : $url;
    <br> Your email details: $to;
    <br>Here is your password  : $pass;
    <br><br>Sincerely,
    Find-a-room";
    $from = "myemail@email.com";
    $subject = "Password recovered";
    $headers1 = "From: $from\n";
    $headers1 .= "Content-type: text/html;charset=iso-8859-1\r\n";
    $headers1 .= "X-Priority: 1\r\n";
    $headers1 .= "X-MSMail-Priority: High\r\n";
    $headers1 .= "X-Mailer: Just My Server\r\n";
    $sentmail = mail ( $to, $subject, $body, $headers1 );
   } else {
if ($_POST ['email'] != "") {
echo "<span> Not found your email in our database</span>";
    }
    }


if($sentmail==1)
{
    echo "<span style='color: #ff0000;'> Your Password Has Been Sent To Your 
Email Address.</span>";
}
    else
    {
    if($_POST['email']!="")
    echo "<span style='color: #ff0000;'> Cannot send password to your e-mail 
address.Problem with sending mail...</span>";
}
}
?>

<form action="" method="post">
    <label> Enter your User ID : </label>
    <input id="email" type="text" name="email" />
    <input id="button" type="submit" name="button" value="Submit" />
</form>

1 个解决方案

解决方案1
 0  2016-04-05 10:07:05

散列使​​用单向算法,因此您无法做到这一点,我也不建议以纯文本格式发送密码。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用bcrypt输入用户密码 - Using bcrypt for user passwords 在Laravel 5.4中自定义忘记密码电子邮件 - Customize Forgotten Password Email in Laravel 5.4 Laravel 5忘记密码电子邮件模板条件 - Laravel 5 forgotten password email template condition PHP:使用bcrypt进行密码加密 - PHP: Using bcrypt for password encryption 类使用bcrypt哈希密码 - Class to hash password using bcrypt 如何在发布之前散列密码然后使用BCRYPT? - How should I hash passwords before posting and then using BCRYPT? PHP-使用bcrypt哈希密码 - PHP - hashing passwords with bcrypt 无法比较BCRYPT密码 - Cannot compare BCRYPT passwords 使用CakePHP 3.4将纯文本密码迁移到Bcrypt - Migrate plain text passwords to Bcrypt using CakePHP 3.4 在webapp中忘记密码 - Forgotten password in webapp
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM