如何发送带有链接的电子邮件以在 PHP 中重置密码
[英]How to send an email with a link to reset password in PHP
问题描述
I love exploring the world of PHP through my website by creating small projects personal who give me experience for the current and future work who knows ...
我喜欢通过我的网站通过创建个人小项目来探索 PHP 的世界,这些项目为我提供了当前和未来工作的经验,他们知道...
I will add very soon the information of email when a user creates an account on my website...当用户在我的网站上创建帐户时,我将很快添加电子邮件信息...
After a few hours of research and reading, I can not find or understand how to send an email with a link to reset the password of a user...经过几个小时的研究和阅读,我无法找到或理解如何发送带有链接的电子邮件以重置用户密码......
Here is my method of hashing:这是我的哈希方法:
$options = ['cost' => 11, 'salt' => random_bytes(22)];
$passwordCrypter = password_hash($password, PASSWORD_BCRYPT, $options);
I think we need to use this method because to decrypt a password is not recommended I think...我认为我们需要使用这种方法,因为不建议解密密码我认为...
But why...I want to understand...但是为什么……我想明白……
Thx谢谢
Have a nice guys有一个好人
3 个解决方案
解决方案1
0 2018-10-31 12:33:30
Using PHPMailer Here Sample of My Code Where $dir is your current directory在此处使用 PHPMailer 我的代码示例 $dir 是您的当前目录
function mailSet($to,$full_name,$subject,$body){
require($dir.'vendor/mailer/PHPMailerAutoload.php');
require($dir.'vendor/mailer/class.phpmailer.php');
$mail = new PHPMailer();
$mail->IsSMTP();
$mail->Host = 'YOUR HOST';
$mail->SMTPAuth = TRUE;
$mail->Username = 'HOST EMAIL ACCOUNT';
$mail->Password = 'HOST PASSWORD';
$mail->From = 'FROM EMAIL';
$mail->setFrom('FROM EMAIL', 'FULL NAME');
$mail->AddAddress($to, $full_name);
$mail->WordWrap = 70;
$mail->Subject = $subject;
$mail->Body = $body;
$mail->IsHTML(TRUE);
if(!$mail->Send()){
echo 'SEND';
} else {
echo 'FAILED TO SEND'; }
}
function forgetPassword($account){
global $dir;
$data=getData('users',$account); //GET DATA FROM DATABASE
$link=getDataBy('forget_password','account',$data['id']); //RELATION DATA FROM TABLE USERS
$body='SOME TEXT <p>YOU CAN USE HTML TAG TO <a href="'.$dir.'login/changepassword?SESSION_ID='.$link['link'].'&&SESSION_VALID='.md5(rand(0,100)).'">LINK TO CLICK</a><p>END OF HTML TAG</p>';
return $body;
}`
Sample PHP Mail Using PHPMailer, Where $to = Recipient Email, $full_name = Recipient Full Name, $subject = Email Subject, $body = EMAIL HTML BODY使用 PHPMailer 的 PHP 邮件示例,其中 $to = 收件人电子邮件,$full_name = 收件人全名,$subject = 电子邮件主题,$body = EMAIL HTML BODY
解决方案2
0 2018-10-31 13:35:47
to decrypt a password is not recommended
If it is even theoretically possible to decrypt your passwords then you are doing it wrong.如果理论上甚至可以解密您的密码,那么您做错了。
Further, from your description, you are creating an easily exploited denial of service vulnerability if you allow passwords to be changed anonymously.此外,根据您的描述,如果您允许匿名更改密码,则您正在创建一个易于利用的拒绝服务漏洞。 The right solution is:正确的解决方案是:
When someone asserts an identity and requests a password reset, generate a token with high redundancy and a limited TTL, email that to the user.
当有人断言身份并请求重置密码时,生成具有高冗余和有限 TTL 的令牌,通过电子邮件将其发送给用户。 Do NOT change the password.请勿更改密码。When a reset token is presented along with a username, validate the TTL has not expired and that the token was issued to the asserted username, then allow the user to pick a new password.
当重置令牌与用户名一起出现时,验证 TTL 未过期并且令牌已颁发给断言的用户名,然后允许用户选择新密码。
解决方案3
-1 2018-10-31 12:25:43
<html>
<body>
<form method="post" action="send_link.php">
<p>Enter Email Address To Send Password Link</p>
<input type="text" name="email">
<input type="submit" name="submit_email">
</form>
</body>
</html>
Step 1.Make a HTML file and define markup for password reset system步骤 1.制作 HTML 文件并为密码重置系统定义标记
<?php
if(isset($_POST['submit_email']) && $_POST['email'])
{
mysql_connect('localhost','root','');
mysql_select_db('sample');
$select=mysql_query("select email,password from user where email='$email'");
if(mysql_num_rows($select)==1)
{
while($row=mysql_fetch_array($select))
{
$email=md5($row['email']);
$pass=md5($row['password']);
}
$link="<a href='www.samplewebsite.com/reset.php?key=".$email."&reset=".$pass."'>Click To Reset password</a>";
require_once('phpmail/PHPMailerAutoload.php');
$mail = new PHPMailer();
$mail->CharSet = "utf-8";
$mail->IsSMTP();
// enable SMTP authentication
$mail->SMTPAuth = true;
// GMAIL username
$mail->Username = "your_email_id@gmail.com";
// GMAIL password
$mail->Password = "your_gmail_password";
$mail->SMTPSecure = "ssl";
// sets GMAIL as the SMTP server
$mail->Host = "smtp.gmail.com";
// set the SMTP port for the GMAIL server
$mail->Port = "465";
$mail->From='your_gmail_id@gmail.com';
$mail->FromName='your_name';
$mail->AddAddress('reciever_email_id', 'reciever_name');
$mail->Subject = 'Reset Password';
$mail->IsHTML(true);
$mail->Body = 'Click On This Link to Reset Password '.$pass.'';
if($mail->Send())
{
echo "Check Your Email and Click on the link sent to your email";
}
else
{
echo "Mail Error - >".$mail->ErrorInfo;
}
}
}
?>
Step 2.Make a PHP file to send the link步骤 2.制作一个 PHP 文件来发送链接
<?php
if($_GET['key'] && $_GET['reset'])
{
$email=$_GET['key'];
$pass=$_GET['reset'];
mysql_connect('localhost','root','');
mysql_select_db('sample');
$select=mysql_query("select email,password from user where md5(email)='$email' and md5(password)='$pass'");
if(mysql_num_rows($select)==1)
{
?>
<form method="post" action="submit_new.php">
<input type="hidden" name="email" value="<?php echo $email;?>">
<p>Enter New password</p>
<input type="password" name='password'>
<input type="submit" name="submit_password">
</form>
<?php
}
}
?>
Step 3.Make a PHP file to reset Password步骤 3.制作一个 PHP 文件来重置密码
<?php
if(isset($_POST['submit_password']) && $_POST['key'] && $_POST['reset'])
{
$email=$_POST['email'];
$pass=$_POST['password'];
mysql_connect('localhost','root','');
mysql_select_db('sample');
$select=mysql_query("update user set password='$pass' where email='$email'");
}
?>
Step 4.Make a PHP file to update new password步骤 4.制作一个 PHP 文件来更新新密码
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.