我应该将$ get值与存储的relavent db值进行比较吗?

时间:2012-12-04 01:54:11

标签: php oop codeigniter

我正在尝试在codeigniter中实现重置用户密码。

我创建了一个用户发送电子邮件的表单,它在“重置”表中创建了一行,用于存储创建的令牌以及附加发送到电子邮件的链接的令牌。

最后一步实际上是重置密码。在检查附加到电子邮件的令牌与存储在与该电子邮件关联的数据库中的令牌时,或者如果这是正确的方法,我不理解如何进行正确的比较。

在我目前的代码中,我无法通过验证并实际重置密码。这是我的代码:

这是用于创建令牌和发送电子邮件的模型:

public function validate_retrieve($data) {

            $query = $this->db->where($data)->get('users', '1');

            foreach ($query->result() as $user)
            {
                $user->email;
                $user->salt;
                $user->id;

            }

            $token = sha1($user->email.$user->salt).dechex($user->id);
            $reset_token = array(
                'token' => $token,
                'email' => $user->email
            );

            $insert = $this->db->insert('reset', $reset_token, '1');
            return $reset_token;
        }

和控制器:

public function retrieve()
        // REQUEST PASSWORD RESET
        // LOADED WHEN THE FORM IS SUBMITTED OFF THE PASSWORD PAGE AND SENDS THE EMAIL WITH TOKEN AND INSTRUCTIONS
        {
            $this->load->library('form_validation');
            $this->load->library('session');
            $this->form_validation->set_rules('email', 'Email', 'trim|required|valid_email');
            $this->load->model('user_model', 'um');
            $this->load->library('encrypt');
            $this->load->helper('url');
            $submit = $this->input->post('submit');
            $salt = $this->_salt();

            if($submit)
            // IF THE SUBMIT BUTTON IS SET
            {

                // START PROCESS TO CREATE $USER VARIABLE THAT HOLDS WHAT THE USER ENTERED IN THE FORM AND THAT CAN GET CHECKED AGAINST THE DB IN THE MODEL
                $user = $this->um->validate_retrieve(array('email' => $this->input->post('email')));


                // IF THE USER IS CREATED AND CHECKS OUT AND ALL OF THE ERRORS ARE CLEARED ON THE FORM
                if( $user && $this->form_validation->run() == TRUE ) {

                    $domain = "clci.dev/index.php";

                    // CREATE A TOKEN LINK TO SEND TO THE USERS EMAIL THAT EXIST IN THE DB AND WAS ENTERED

                    $token = $user['token'];
                    $link = "http://www.".$domain."/auth/reset/?token=$token";


                        $this->load->library('email');

                        $this->email->from('noreply@cysticlife.org', 'CysticLife');
                        $this->email->to($this->input->post('email')); 

                        $this->email->subject('Reset Password');
                        $this->email->message("Please go to the following web address to reset your password:\n\n$link\n\n-Your friends at CysticLife\n\nPlease remember to add the cysticlife.org domain to your address book to ensure that you receive your CysticLife e-Notifications as requested.");  

                        $this->email->send();
                        redirect('auth/success');
                        exit;

                    }
                    $this->form_validation->run() == FALSE;
                    $data['main_content'] = 'auth/password';
                    $this->load->view('includes/templates/main_page_template', $data);
                    $data['email_error'] = 'This email is invalid';
                }
            }

现在这里是我遇到的问题,重置模型:

public function verify_token($token)
          {
            $this->db->where('token', $token);
            $query = $this->db->get('reset');

            if ($query->num_rows() == 1) {

                return TRUE;
            } else {
                return FALSE;

            }
          }

          public function reset_password()
            {
              $salt = $this->_salt();
              $query = $this->db->get('reset', 1);
              $row = $query->row();

              $data = array(
                      'password' => $this->encrypt->sha1($salt . $this->encrypt->sha1($this->input->post('password'))),
                      'salt' => $salt
                    );  
              $this->db->where('email', $row->email);
              $this->db->update('users', $data);
            }

和控制器:

public function reset_password()
            {
             $this->load->library('form_validation');
             $this->load->library('session');
             $this->load->model('user_model', 'um');
             $this->load->library('encrypt');
             $this->load->helper('url');
             $this->form_validation->set_rules('password', 'Password', 'trim|required'); 
             $this->form_validation->set_rules('password2', 'Confirm Password', 'trim|required|matches[password]');
             $salt = $this->_salt();
             $submit = $this->input->post('submit');


             if($submit) 
             {
              $validToken = $this->um->verify_token($token); 
              if($this->form_validation->run() == TRUE && $validToken == TRUE)
              {

              $this->um->reset_password(array('password' => $this->input->post('password', $salt)));


              $data['main_content'] = 'auth/success';
              $this->load->view('includes/templates/home_page_template', $data);

              }
              $this->form_validation->run() == FALSE;
           $data['main_content'] = 'auth/reset';
           $this->load->view('includes/templates/main_page_template', $data);
             }
            }

我似乎非常接近,但我肯定被卡住了。非常感谢任何帮助。

1 个答案:

答案 0 :(得分:1)

http://yoursitename.com/reset/[hashcode]

将链接发送给会员电子邮件,密码已由用户重置。

在网站上,您将检索哈希码以与您的数据库进行比较

public function reset($hashcode)
 {
    if($hashcode!=null)
    {
        // compare with db
        // if success 
        // redirect to create new password page
        // or show create new password form
    }
 }