如何从令牌获取password_reset数据?
[英]How to Get password_reset data from token?
问题描述
I am working on password reset functionality . 
我正在使用密码重置功能 。
As of now, the email field is mandatory to fill. 到目前为止,必须填写电子邮件字段。 But I want to remove that email field(which I will get by using the token from the database and keep it in a hidden field in reset form) from the reset form. 但是我想从重置表单中删除该电子邮件字段(我将通过使用数据库中的令牌获得该电子邮件字段,并将其保留在重置表单的隐藏字段中)。
As I can see password_resets table has those passwords reset request records along with email , token and created_at fields. 如我所见,password_resets表具有那些密码重置请求记录以及email , token和created_at字段。
I am trying to decode the token which I will get from URL, to compare with a token which is saved in the database. 我正在尝试解码将从URL获得的令牌,以便与保存在数据库中的令牌进行比较。
I tried, 我试过了,
//Hash::make
//$this->hasher->make
//Crypt::decrypt
//sha1
//md5
On the token I will get from url. 关于令牌,我将从URL获得。
But still I am unable to get exact matching token to compare with token which exists in database table password_resets . 但是我仍然无法获得完全匹配的令牌来与数据库表password_resets存在的令牌进行比较。
I had went through this link . 我已经通过这个链接 。 Which says Password reset tokens are now stored as bcrypt of sha256 . 其中说, 密码重置令牌现在存储为sha256的bcrypt 。 But I don't understand how do I decode that token. 但是我不明白如何解码该令牌。
Do anyone faces this problem? 有人面对这个问题吗? Any idea? 任何想法? Any suggestions? 有什么建议么?
1 个解决方案
解决方案1
0 2017-11-20 13:28:54
You can't decrypt a hash since hashes aren't encryption. 您不能解密哈希,因为哈希不是加密的。 Hashes are used to make a unique 'fingerprint' of a piece of data. 散列用于对数据进行独特的“指纹识别”。 Hashes don't contain the full data and therefore there is no way you're able to reverse it. 哈希不包含完整的数据,因此您无法将其反转。
But the password_resets table should contain the token if it has been issued. 但是password_resets表应该包含令牌(如果已颁发)。 A simple query like 一个简单的查询,例如
SELECT * FROM password_resets WHERE token = ?
should return the email adress. 应该返回电子邮件地址。
Make sure there's data in that table to begin with. 确保该表中有数据开始。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.