需要忘记并更改密码脚本 [英] Need forgot and change password script
问题描述
伙计们,我正在开发一个剧本,它差不多完成了,只剩下两件小事:
忘记密码选项
更改密码选项
关于忘记密码:用户可以在同一个电子邮件地址下使用尽可能多的用户名,因此系统需要一种方法来在用户输入时发送用户电子邮件的密码忘记密码字段上的用户名。
我在php 4下运行它,所以不要担心,如果你看到$ HTTP_POST_VARS。 :)
我会在这里发布register.php脚本,所以你可以看到这些函数是如何工作的,还有另外一些东西:)
HTTP_POST_VARS。 :)
我会在这里发布register.php脚本,所以你可以看到这些函数的工作方式和其他内容:)
在创建忘记密码时选项,它应该*不能*发送他们的密码。为了能够向他们发送密码,意味着他们的密码以未加密的形式存在于您的数据库中。如果有人要访问您的数据库,他们就可以访问每个用户帐户。
加密增加了另一层保护。为了利用它,使用加密密码的算法,以加密形式保存,然后您将始终根据数据库中的加密密码检查用户输入密码的加密版本。有许多方法可以加密密码和许多方法来提高这些方法对黑客工具(即彩虹表)的安全性,但进入它们需要花费很多时间。 PHP有一个 md5()和一个 sha1()可以帮助您入门的功能。
为了帮助忘记密码的用户,给他们某种方式来验证他们的身份(即安全问题),将他们的密码重置为随机字符串,并向他们发送新的重置密码。或者,为了避免出现安全问题,请在保留旧密码的同时为表添加一个单独的字段以获取新的重置密码,以防万一他们在用新的随机生成的密码发送电子邮件后再记住它。当然,保留旧密码不是必需,但是当黑客试图调用忘记密码时,方便。在某人的帐户上运行,用户不知道密码更改。在这种方法中,如果用户成功登录或更改密码,您也会删除新密码。
说到更改密码,接下来就是我将解决。更改密码功能相对简单。基本上,确保用户已经登录。然后,给他们一个包含3个字段的表单:当前密码和新密码的2个字段。检查当前密码,确保两个新密码字段相互匹配,然后将密码更改为新密码。
简单。 ;)
有点介绍这部分
为了帮助忘记密码的用户,给他们一些方法验证他们的身份(即安全问题),将他们的密码重置为随机字符串,并向他们发送新的重置密码。
,我是php的新手,不会有任何现成的脚本吗?
关于chnagin密码字段也是如此。
Hi, guys, I''m developing a script and it''s almost done, just left two little things:
Forgot password option
Change password option
About forgot password: The user can use as many user names under the same email adress, so the system needs a way to send the password for user email when user type the user name on field of forgot password.
I''m running it under php 4, so don''t worry if u see a $HTTP_POST_VARS. :)
I''ll post the register.php script here, so u can see how the functions works and another stuff :)
HTTP_POST_VARS. :)
I''ll post the register.php script here, so u can see how the functions works and another stuff :)
When creating a "forgot password" option, it should *not* be possible to send them their password. To be able to send them their password means that their password exists in your database in an unencrypted form. If anyone were to ever get access to your database, they''d have access to every user account.
Encryption adds another layer of protection. In order to take advantage of it, use an algorithm that encrypts the password, saves it in its encrypted form, and then you will always check the encrypted version of the user''s inputted password against the encrypted password in the database. There are many ways to encrypt passwords and many methods to increase the security of these against hacking tools (i.e. rainbow tables), but going into them would take a lot of time. PHP has an md5() and a sha1() function that can get you started.
In order to help users that have forgotten their password, give them some sort of way of verifying their identity (i.e. security questions), reset their password to a random string, and send them the new reset password. Or, to avoid needing security questions, add a separate field to your table for their new reset password while retaining the old password, just in case they remember it after they have been sent an e-mail with their new randomly generated password. Of course, retaining the old password is not required, but it is convenient for when a hacker tries to invoke the "forgot password" function on someone''s account and the user is unaware of the password change. In this method, you''d also remove the new password if the user logs in successfully or changes their password.
Speaking of changing passwords, that is the next thing that I will address. A change password function is easy, comparatively. Basically, make sure the user is already logged in. Then, give them a form with 3 fields: current password, and 2 fields for the new password. Check the current password, make sure the two new passwords fields match each other, and then change their password to the new password.
Easy. ;)
Kinda intersting this partIn order to help users that have forgotten their password, give them some sort of way of verifying their identity (i.e. security questions), reset their password to a random string, and send them the new reset password., I''m a rookie in php, don''t u have any ready made script?
About the chnagin password field too.
这篇关于需要忘记并更改密码脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
