我正在请求忘记密码的问题。 如果用户忘记了他/她的密码,我怎么能在电子邮件地址中返回他/她相同的密码?我的问题是SQL数据库密码是加密的,我想如何检索相同的密码而不是加密。
我确实喜欢这个:
<!--
METADATA
TYPE="typelib"
UUID="CD000000-8B95-11D1-82DB-00C04FB1625D"
NAME="CDO for Windows 2000 Library"
-->
<%
DIM strEmail
strEmail = Request.Form("email")
IF strEmail <> "" THEN
%>
<%
DIM objDB, rs, rssql
Set objDB = Server.CreateObject("ADODB.Connection")
objDB.Open "Provider=MSDASQL.1;Password=langas;Persist Security Info=True;User ID=mmsg;Data Source=mmsg_web"
rssql = "SELECT email_addr, medacist_password FROM medacist_user WHERE email_addr = '" & strEmail & "'"
Set rs = objDB.Execute(rssql)
IF rs.EOF THEN
Response.Write "That email address was not found in our database. Please click Back on your browser and enter the email address you registered with."
ELSE
DIM strPassword
set strPassword = rs("medacist_password")
Set cdoConfig = CreateObject("CDO.Configuration")
With cdoConfig.Fields
.Item(cdoSendUsingMethod) = cdoSendUsingPort
.Item(cdoSMTPServer) = "10.1.1.186" 'Ongoing sever SMTP required \\'
'' .Item(cdoSMTPAuthenticate) = 1'
'' .Item(cdoSendUsername) ="<enter_username>"
' ' .Item(cdoSendPassword) ="<enter_password>"''
.Update
End With
Set cdoMessage = CreateObject("CDO.Message")
With cdoMessage
Set .Configuration = cdoConfig
.From = "clu@medacist.com"
.To = strEmail
.Subject = "Forgotten Password"
.HTMLBody = "Here is your password: " & strPassword
.Importance = 1
.Send
End With
Set cdoMessage = Nothing
Set cdoConfig = Nothing
Response.Write "Your password has been sent to your email address."
END IF
ELSE
Response.Write "Please click Back on your browser and enter the email address you registered with."
END IF
%>
<!-- "Please click below link to reset your password: <br> <a href='https://www.medacist.com/login/test_globals.asp'>Click this link to reset your password</a>" -->
&#13;
答案 0 :(得分:0)
您不应该检索密码。
你应该生成一个长的伪随机标记。存放一小段时间(例如24小时)。将其发送给用户(通常嵌入在URL中)。当用户关注电子邮件中的链接时,他们应该获得一个允许他们设置新密码的页面(您可以使用URL中的令牌来识别正在更改哪个用户的密码)。