PHP - How to implement password reset and token expiry


Question

I'm looking to set up a PHP password recovery script, using a token which expires after 24 hours. But I'm not sure how to go about it. I have SHA1 encrypted user passwords at the moment. All I want to do, I think, is append a token to the URL which is sent to the user when they request a password reset. But how do I go about doing this properly and what do I need to store in the database?

Recommended answer

  1. When your user requests a password reset, generate a token and calculate its expiry date
  2. Store the token and its expiry date in separate columns in your users table for that user
  3. Send an email to the user containing the reset link, with the token appended to its URL
  4. When your user follows the link, grab the token from your URL (perhaps with $_GET['token'])
  5. Verify the token against your users table
  6. Check that it's not past its expiry date yet
    • If it has expired, invalidate it, perhaps by clearing the fields, and allow the user to resend
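
The six steps above as one runnable sketch; this is an added example, not code from the original answer. It goes slightly beyond the steps by storing only a SHA-256 hash of the token and by clearing the fields on every redemption attempt, so a leaked database row or a replayed link cannot be used. The table and column names (`users`, `reset_token_hash`, `reset_expires`), the function names, and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. Schema, function names and the sample row are constructed, not from the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE,
            reset_token_hash TEXT, reset_expires INTEGER)');
$pdo->exec("INSERT INTO users (email) VALUES ('alice@example.test')");

// Steps 1-2: generate an unguessable token; store its hash and expiry in separate columns.
function requestReset(PDO $pdo, string $email, int $now, int $ttl = 86400): ?string
{
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, 64 hex characters
    $stmt = $pdo->prepare(
        'UPDATE users SET reset_token_hash = ?, reset_expires = ? WHERE email = ?');
    $stmt->execute([hash('sha256', $token), $now + $ttl, $email]);
    // Step 3: the caller mails a link ending in ?token=<token>. Show the same page
    // whether or not the address exists, so the form does not reveal valid accounts.
    return $stmt->rowCount() === 1 ? $token : null;
}

// Steps 4-6: take the token from the URL, verify it against the table, check expiry.
function redeemReset(PDO $pdo, string $token, int $now): ?int
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null; // malformed input is rejected before any query runs
    }
    $stmt = $pdo->prepare('SELECT id, reset_expires FROM users WHERE reset_token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null; // unknown or already-used token
    }
    // Expired or not, clear both fields so the link works at most once.
    $pdo->prepare('UPDATE users SET reset_token_hash = NULL, reset_expires = NULL WHERE id = ?')
        ->execute([$row['id']]);
    return $now <= (int) $row['reset_expires'] ? (int) $row['id'] : null;
}

$now = time();
$token = requestReset($pdo, 'alice@example.test', $now);
var_dump(redeemReset($pdo, $token, $now + 3600));  // redeemed one hour after the request
var_dump(redeemReset($pdo, $token, $now + 3600));  // the same link used a second time
$late = requestReset($pdo, 'alice@example.test', $now);
var_dump(redeemReset($pdo, $late, $now + 86401));  // redeemed just after the 24 hours
```

In a real handler the token would come from `$_GET['token']`, and a non-null user id would lead to the form that sets the new password.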
