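Password recovery ASP

Time: 2015-01-07 19:42:05

Tags: html sql asp-classic

I am asking about a forgotten-password feature. If a user forgets his/her password, how can I send the same password back to his/her email address? My problem is that the password in the SQL database is encrypted, and I want to know how to retrieve the same password rather than the encrypted one.

I did it like this: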



<!-- 
    METADATA 
    TYPE="typelib" 
    UUID="CD000000-8B95-11D1-82DB-00C04FB1625D"  
    NAME="CDO for Windows 2000 Library" 
--> 

    <%
    DIM strEmail
    strEmail = Request.Form("email")

    IF strEmail <> "" THEN
    
    %>
    
    <%
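    DIM objDB, objCmd, rs, rssql
    Set objDB = Server.CreateObject("ADODB.Connection")
    objDB.Open "Provider=MSDASQL.1;Password=langas;Persist Security Info=True;User ID=mmsg;Data Source=mmsg_web"
    ' Bind the email as a parameter instead of concatenating it into the SQL text (prevents SQL injection)
    rssql = "SELECT email_addr, medacist_password FROM medacist_user WHERE email_addr = ?"
    Set objCmd = Server.CreateObject("ADODB.Command")
    Set objCmd.ActiveConnection = objDB
    objCmd.CommandText = rssql
    ' 200 = adVarChar, 1 = adParamInput
    objCmd.Parameters.Append objCmd.CreateParameter("email", 200, 1, Len(strEmail), strEmail)
    Set rs = objCmd.Execute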


    IF rs.EOF THEN
    Response.Write "That email address was not found in our database. Please click Back on your browser and enter the email address you registered with."
    ELSE
    DIM strPassword
    ' Plain assignment: Set is only for object references, and the value is a string
    strPassword = rs("medacist_password").Value
    

    Set cdoConfig = CreateObject("CDO.Configuration")  
 
    With cdoConfig.Fields  
        .Item(cdoSendUsingMethod) = cdoSendUsingPort  
        .Item(cdoSMTPServer) = "10.1.1.186"  ' Outgoing SMTP server (required)
        ' .Item(cdoSMTPAuthenticate) = 1
        ' .Item(cdoSendUsername) = "<enter_username>"
        ' .Item(cdoSendPassword) = "<enter_password>"
        .Update  
    End With 
 
    Set cdoMessage = CreateObject("CDO.Message")  

 
    With cdoMessage 
        Set .Configuration = cdoConfig 
        .From = "clu@medacist.com" 
        .To = strEmail 
        .Subject = "Forgotten Password" 
        .HTMLBody = "Here is your password: " & strPassword 
        .Importance = 1
        .Send 
    End With 
 
    Set cdoMessage = Nothing  
    Set cdoConfig = Nothing  


    Response.Write "Your password has been sent to your email address."
    END IF

    ELSE
    Response.Write "Please click Back on your browser and enter the email address you registered with."
    END IF
    %>

<!-- "Please click below link to reset your password: <br> <a href='https://www.medacist.com/login/test_globals.asp'>Click this link to reset your password</a>"  -->

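1 answer:

Answer 0: (score: 0)

You should not retrieve the password.

You should generate a long pseudo-random token. Store it for a short period of time (e.g. 24 hours). Send it to the user (usually embedded in a URL). When the user follows the link in the email, they should get a page that lets them set a new password (you can use the token in the URL to identify which user's password is being changed).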