Password Reset Link Expiry

Question

I wonder whether someone could help me please.

I've been doing quite a bit of research on the 'Password Reset' process and from one of the tutorials I found, I've been able to put the following code together which provides this functionality.

Forgot Password

<?php

// Connect to MySQL
$c = mysql_connect("host", "user", "password");
mysql_select_db("database", $c);

// Was the form submitted?
if ($_POST["ForgotPasswordForm"])
{
    // Harvest submitted e-mail address
    $emailaddress = mysql_real_escape_string($_POST["emailaddress"]);

    // Check to see if a user exists with this e-mail
    $userExists = mysql_fetch_assoc(mysql_query("SELECT `emailaddress` FROM `userdetails` WHERE `emailaddress` = '$emailaddress'"));
    if ($userExists["emailaddress"])
    {
        // Create a unique salt. This will never leave PHP unencrypted.
        $salt = "KEY";

        // Create the unique user password reset key
        $password = md5($salt . $userExists["emailaddress"]);

        // Create a url which we will direct them to reset their password
        $pwrurl = "phpfile.php?q=" . $password;

        // Mail them their key
        $mailbody = "Dear user,\n\nIf this e-mail does not apply to you please ignore it. It appears that you have requested a password reset at our website \n\nTo reset your password, please click the link below. If you cannot click it, please paste it into your web browser's address bar.\n\n" . $pwrurl . "\n\nThanks,\nThe Administration";
        mail($userExists["emailaddress"], "", $mailbody);
        echo "Your password recovery key has been sent to your e-mail address.";
    }
    else
        echo "No user with that e-mail address exists.";
}

?>

Reset Password

<?php

// Connect to MySQL
$c = mysql_connect("host", "user", "password");
mysql_select_db("database", $c);

// Was the form submitted?
if ($_POST["ResetPasswordForm"])
{
    // Gather the post data
    $emailaddress = mysql_real_escape_string($_POST["emailaddress"]);
    $password = md5(mysql_real_escape_string($_POST["password"]));
    $confirmpassword = md5(mysql_real_escape_string($_POST["confirmpassword"]));

    $q = $_POST["q"];

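    // Escape the hint as well; it is interpolated into the UPDATE query below
    $passwordhint = mysql_real_escape_string($_POST["passwordhint"]);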

    // Use the same salt from the forgot_password.php file
    $salt = "KEY";

    // Generate the reset key
    $resetkey = md5($salt . $emailaddress);

    // Does the new reset key match the old one?
    // Strict comparison avoids PHP's loose type juggling on hash strings
    if ($resetkey === $q)
    {
        if ($password == $confirmpassword)
        {
            // Update the user's password
            mysql_query("UPDATE `userdetails` SET `password` = '$password', `passwordhint` = '$passwordhint' WHERE `emailaddress` = '$emailaddress'");
            echo "Your password has been successfully reset.";
        }
        else
            echo "Your passwords do not match.";
    }
    else
        echo "Your password reset key is invalid.";
}

?>

I would now like to add a timed expiry of the link that I send out to the user. I've been looking at the post on the Stackoverflow community and many others, but I've not been able to find what I've been looking for.

I just wondered whether someone could perhaps help me out please and give me a little guidance on how I may accomplish this.

Many thanks.

Recommended answer

Add a field to the users table with a timestamp when a password reset is requested. When you check if the key matches check the timestamp to see how old it is.

Is this what you mean?
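
The timestamp check described in the answer, as an added example that is not code from the question or the answer. The `resetrequested` column, the one-hour window and the in-memory SQLite table with its sample row are assumptions; the key derivation is kept from the question, and the example goes one step beyond the answer by clearing the timestamp after a successful check so the link works only once.

```php
<?php
// Added example. `resetrequested` (hypothetical column) stores the Unix time
// of the reset request; RESET_TTL is an assumed validity window.
const RESET_TTL = 3600;   // seconds a reset link stays valid (assumed)
const SALT = "KEY";       // same placeholder salt as in the question

function resetKey(string $email): string {
    return md5(SALT . $email);          // key scheme kept from the question
}

// Forgot Password step: record when the reset was requested.
function requestReset(PDO $db, string $email, int $now): ?string {
    $st = $db->prepare("UPDATE userdetails SET resetrequested = ? WHERE emailaddress = ?");
    $st->execute([$now, $email]);
    return $st->rowCount() === 1 ? resetKey($email) : null;
}

// Reset Password step: the key must match AND the request must be recent.
function canReset(PDO $db, string $email, string $q, int $now): bool {
    $st = $db->prepare("SELECT resetrequested FROM userdetails WHERE emailaddress = ?");
    $st->execute([$email]);
    $requested = $st->fetchColumn();
    if ($requested === false || $requested === null) {
        return false;                   // unknown user or no reset pending
    }
    if (!hash_equals(resetKey($email), $q)) {
        return false;                   // wrong key
    }
    if ($now - (int)$requested > RESET_TTL) {
        return false;                   // link has expired
    }
    // Clear the timestamp so the same link cannot be used a second time.
    $db->prepare("UPDATE userdetails SET resetrequested = NULL WHERE emailaddress = ?")
       ->execute([$email]);
    return true;
}

// Constructed sample data so the example runs offline.
$db = new PDO("sqlite::memory:");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE userdetails (emailaddress TEXT PRIMARY KEY, password TEXT, resetrequested INTEGER)");
$db->exec("INSERT INTO userdetails (emailaddress) VALUES ('alice@example.com')");

$t0  = 1700000000;                      // constructed request time
$key = requestReset($db, "alice@example.com", $t0);
var_dump(canReset($db, "alice@example.com", $key, $t0 + 7200)); // older than RESET_TTL
var_dump(canReset($db, "alice@example.com", $key, $t0 + 600));  // inside the window
var_dump(canReset($db, "alice@example.com", $key, $t0 + 601));  // link already used
```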
