用户单击时发送电子邮件忘记密码 [英] send email when user clicks forget password

问题描述

当用户单击忘记密码"时，我需要一个编码来发送电子邮件....

在我的设计中，当用户单击忘记密码"时，将使用提交"按钮打开texbox.然后，用户需要输入其电子邮件地址，然后单击提交"按钮....

如果他们单击提交"按钮，电子邮件将使用密码发送到其ID ...

但是在我的编码中，电子邮件没有传递给他们的ID....

所以我需要在不使用C#的会话的情况下对此问题进行编码....



请帮我.......................

I need a coding to send email when user clicks forget password....

In my design when user clicks forget password the texbox open with submit button....Then user need to enter their email address and click submit button....

If they click submit button the email send to their id with password...

But in my coding the email not delivered to their id....

So I need coding without using session in C# for this problem ....



Pleas help me.................

推荐答案

这是一个坏主意.
Digimanus是正确的，我可以给您的系统提供您的用户名和十分钟邮件的电子邮件地址，然后您会向我发送密码.然后，我可以像您一样登录并执行我想要的任何操作.

这里有两个(至少)问题:
1)我可以在不知情的情况下为您获取密码.由于人们倾向于在多个系统上使用单个密码，因此这非常危险.
2)您正在以易于检索的格式存储密码.

也不要这样做.
改为这样操作:
1)存储密码散列而不是文本-因为无法将其解密回原始密码，因此它们更加安全(它们的长度也固定，这有助于DB设计).这里有一个提示应该有所帮助:密码存储:操作方法. [^ ]
2)要求您的用户在注册时输入有效的电子邮件地址. (您可以通过发送确认电子邮件进行检查，然后他们必须继续进行回复).
3)当他们忘记密码时，将其重置为随机值，然后将新的随机值发送到原始电子邮件地址.

这意味着原始密码永远是未知的-原始用户除外.因此，如果他在所有系统上都使用相同的密码，那么它们也不会受到损害.

This is a bad idea.
Digimanus is correct, I could give your system your user id, and a Ten Minute Mail email address, and you would send me your password. Then I could log in as you and do anything I wanted.

There are two (at least) problems here:
1) I could get you password without you knowing. Since people tend to use a single password for multiple systems, this is very dangerous.
2) You are storing passwords in a easily retrieveable format.

Do not do either.
Operate this way instead:
1) Store password hashes instead of text - because they cannot be decoded back to the original password, they are much more secure (they also have a fixed length, which helps with the DB design). There is a Tip here that should help: Password Storage: How to do it.[^]
2) Require your users to enter a valid email address when they register. (You can check it by sending a confirmation email which they must respond to before they continue).
3) When they forget the password, reset it to a random value, and send the new random value to the original email address.

This means that the original password is never known - except to the original user. So if he uses the same password for all his systems, then they aren''t compromised either.

这篇关于用户单击时发送电子邮件忘记密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！