寻找一些好的选项来向用户发送重置密码电子邮件 [英] Looking for a some good options to send users reset password emails

问题描述

我想在忘记密码时向用户发送电子邮件，提示他们重置密码.我知道这是有争议的，并且正在寻找一些好的选择/建议/方法/文章可供选择.

I want to send emails to users when the forget their passwords that prompt them to reset their passwords. I know this is debatable and was looking for a few good options/suggestions/methods/articles to choose from.

我正在提示用户按下一个带有 PHP 部分的简单脚本的忘记密码"链接:

I'm prompting users to press a 'forgot password' link with a simple script with the PHP portion doing this:

$Email = $_POST['email'];
$success = false;
$formError = false;

if(isset($_POST['sub_forgot_pw'])) {

    if(empty($_POST['email'])) {
        $formError = "true";
        $error = "Please enter your e-mail address.";
    }else{
        $to = $Email;
        $subject = "Password Help";
        $message = "To reset your password, please <a href='http://www.blahblahblah.org'>Click here</a><br /><br />Do LIFE,<br /> The Team";
        $from = "CysticLife <noreply@cysticlife.org>";
        $headers  = 'MIME-Version: 1.0' . "
";
        $headers .= 'Content-type: text/html; charset=iso-8859-1' . "
";
        $headers .= "From: $from";
        if(mail($to, $subject, $message, $headers));{
            $success = "true";
        }


    }

}

推荐答案

我是这样做的:

我有 reset_password 表.当有人要求重置时，他们通常会单击您网站上的一个链接，上面写着忘记密码"，他们会在其中输入他们注册时使用的电子邮件，然后您的系统会发送一个链接.当然，您首先要确定用户是否已注册.通过从电子邮件 = $_POST['email'] 的用户中进行选择.如果它们存在，则制作一个随机生成的令牌，例如

I have reset_password table. When someone asks for a reset, they usually click a link on your site that says "forgot password" where they enter their email they registered with and your system sends a link. Of course you begin with finding out if the user is registered at all. by selecting from users where email = $_POST['email']. If they exist, make a randomly generated token, like

$token = md5($_POST['email'].time());

但正如 Buh Buh 在下面的评论中所表达的，您可能希望使用一些不太明显的东西来生成您的令牌.crypt() 如果你愿意，可以接受盐模式.

But as Buh Buh expressed in the comment below, you may want to use something a little less obvious to generate your token. crypt() can accept a salt pattern if you like.

在 reset_password 表中插入请求(电子邮件和令牌)，然后向他们发送类似

Insert the request (email and token) in the reset_password table, then you send them a link like

http://www.domain.com/resetpassword.php?token=<?php echo $token; ?>

然后在该文件中获取 $_GET['token'] 并将其与 reset_password 表交叉引用.如果令牌有效，您将向他们展示一个要求他们输入新密码的表格.提交后，选择具有与该令牌相关的电子邮件地址的用户并更新用户表.

Then in that file you take the $_GET['token'] and cross reference it with the reset_password table. If the token is valid, you present them with a form that asks for their new password. Upon submit, select the user with the email address related to that token and update the user table.

这篇关于寻找一些好的选项来向用户发送重置密码电子邮件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！