在我的项目中,忘记了密码功能"。当用户忘记密码时,电子邮件应该转到带有解码密码的用户邮件ID。登录后,登录功能应该可以使用。
我使用了以下编码器。
Secuirty.yml:
security:
encoders:
Coupon\EntityBundle\Entity\SupportUsers:
algorithm: sha1
encode_as_base64: false
iterations: 1
# encoders:
# Coupon\EntityBundle\Entity\SupportUsers: plaintext
role_hierarchy:
ROLE_ADMIN: ROLE_USER
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
providers:
main:
entity:
class: Coupon\EntityBundle\Entity\SupportUsers
property: supportUserUsername
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
login:
pattern: ^/login$
security: false
coupon_login_forgot_password:
pattern: ^/forgot-password$
security: false
# coupon_report_categoryWiseCSV:
# pattern: ^/report/csv-category$
# security: false
# default_security_target:
# pattern: ^/users/home$
# security: false
coupon_dashboard:
pattern: ^/
form_login:
check_path: login_check
login_path: login
default_target_path: coupon_dashboard
always_use_default_target_path: true
logout:
path: logout
target: login
remember_me:
key: trex-kharadi6
lifetime: 43200
always_remember_me: false
remember_me_parameter: _remember_me
path: ~
domain: ~
#anonymous: ~
#http_basic:
# realm: "Secured Demo Area"
access_control:
- { path: ^/coupon_dashboard, roles: ROLE_ADMIN }
- { path: ^/login, roles: IS_AUTHENTICATED_FULLY}
如何编写自定义编码和解码方法以及如何配置它。
忘记密码行动: 在这里,我正在从数据库中检索编码的密码。
public function forgotPasswordAction(Request $request) {
$em = $this->getDoctrine()->getManager();
$username = $request->get('username');
$couponHelper = $this->get('coupon_helper');
if ($request->isMethod('POST')) {
//echo $username; die;
if ($username == '') {
$this->get('session')->getFlashBag()->add('msg', $this->get('translator')->trans('forgot.pwd.enter'));
} else {
$user = $em->getRepository('CouponEntityBundle:SupportUsers')->findBy(array('supportUserUsername' => trim($username), 'supportUserStatus' => '0'));
if (count($user) != 0) {
$password = $user[0]->getSupportUserPassword();
$email = $user[0]->getSupportUserEmail();
if ($email != '') {
//emailer helper.
$data['firstName']='';
$data['lastName']='';
$data['userName'] = $user[0]->getSupportUserUsername()?$user[0]->getSupportUserUsername():'';
$data['email'] = $email;
$data['password'] = $password ? $password:'';
$data['instance'] = 'forgotpassword';
$emailStatus = $couponHelper->emailer($data);
$logger = $this->get('logger');
$logger->info('[Email]: [' . $emailStatus . ']');
unset($data);
$this->get('session')->getFlashBag()->add('msg', $this->get('translator')->trans('forgot.pwd.sent'));
} else {
$this->get('session')->getFlashBag()->add('error', $this->get('translator')->trans('forgot.pwd.reg.not.email'));
}
} else {
$this->get('session')->getFlashBag()->add('error', $this->get('translator')->trans('forgot.pwd.not.reg'));
}
}
return $this->redirect($this->generateUrl('coupon_login_forgot_password'));
}
return $this->render('CouponLoginBundle:Login:forgot_password.html.twig', array('username' => $username));
}
因此,忘记密码操作如何获取原始密码并将其邮寄给用户。请帮助我。
答案 0 :(得分:2)
你不能这样做。这是一个安全问题,您永远无法解码用户的密码。
密码实际上被记忆为哈希,这是一个无法有目的地向后播放的单向过程。