我几乎可以使用一切,下面你可以找到我已经完成的步骤,并且已经有效了。
步骤1)向想要重置密码的用户的电子邮件发送电子邮件(带有创建的令牌)
步骤2)用户点击提供的令牌链接并重定向到重置密码表单
问题
步骤3)要重置密码,需要填写新密码并按下重置按钮。发生的事情是一切都按计划进行但数据库没有更新?我检查了它是否与密码哈希和盐有关,但我现在不知道它与它有什么关系吗? 注册我的脚本时,它会创建一个64字节的十六进制密码和8字节的六角形盐。 现在,当我使用相同的代码时,在重置密码脚本中,它会创建一个255字节十六进制的密码哈希,并且还会创建一个比注册表更大的盐。
您可以在下面找到代码:
------------- DATABASE -------------
`password` char(64) COLLATE utf8_unicode_ci NOT NULL,
`salt` char(16) COLLATE utf8_unicode_ci NOT NULL,
------------- PHP重置密码-------------
require("connect.php");
$ key = trim($ _ GET ['key']);
$stmt = $db->prepare('SELECT resetToken, resetComplete FROM members WHERE resetToken = :token');
$stmt->execute(array(':token' => $key));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
//if no token from db then kill the page
if(empty($row['resetToken'])){
echo 'Invalid token provided, please use the link provided in the reset email.';
} elseif($row['resetComplete'] == 'Yes') {
echo 'Your password has already been changed!';
}
if (!empty($_POST)) {
if (empty($_POST['password'])) {
echo "Please enter a password!";
exit();
}
if (empty($_POST['retype'])) {
echo "Please retype password!";
exit();
}
if ($_POST['password'] != $_POST['retype']) {
echo "Password doesn't match!";
exit();
}
$query = "UPDATE members SET password = :password, salt = :salt, resetComplete = 'Yes' WHERE resetToken = :token";
$salt = dechex(mt_rand(0, 2147483647)) . dechex(mt_rand(0, 2147483647));
$password = hash('sha256', $_POST['password'] . $salt);
for ($round = 0; $round < 65536; $round++) {
$password = hash('sha256', $password . $salt);
}
$query_params = array(
':password' => $password,
':salt' => $salt,
':token' => $row['resetToken']
);
try {
// Execute the query to create the user
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
} catch(PDOException $ex) {
die("Failed to run query");
}
echo "Change password success";
}