如何使用链接发送电子邮件以重置PHP中的密码

时间:2018-10-31 12:08:24

标签: php sendmail reset-password

我喜欢通过my website来探索PHP的世界,方法是创建个人小项目,这些小项目为我提供了有关当前和未来工作的经验,这些人知道...

当用户在我的网站上创建帐户时,我会尽快添加电子邮件信息...

经过数小时的研究和阅读,我找不到或不知道如何发送带有链接的电子邮件来重置用户密码...

这是我的哈希方法:

$options = ['cost' => 11, 'salt' => random_bytes(22)];
$passwordCrypter = password_hash($password, PASSWORD_BCRYPT, $options);

我认为我们需要使用此方法,因为我不建议您解密密码...

但是为什么...我想了解...

Thx

有个好人

4 个答案:

答案 0 :(得分:1)

发送重置密码链接电子邮件PHP示例

我们将学习如何在到期时间为PHP MySQL的电子邮件中发送重置密码链接。 [Reset Password Link Send] Email Using PHP - Step By Step

<!doctype html>
<html lang="en">
   <head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
   
      <title>Send Reset Password Link with Expiry Time in PHP MySQL - phpcodingstuff.com</title>
       <!-- CSS -->
       <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
   </head>
   <body>
      <div class="container">
          <div class="card">
            <div class="card-header text-center">
              Send Reset Password Link with Expiry Time in PHP MySQL - phpcodingstuff.com
            </div>
            <div class="card-body">
              <form action="password-reset.php" method="post">
                <div class="form-group">
                  <label for="exampleInputEmail1">Email address</label>
                  <input type="email" name="email" class="form-control" id="email" aria-describedby="emailHelp">
                  <small id="emailHelp" class="form-text text-muted">We'll never share your email with anyone else.</small>
                </div>
                <input type="submit" name="password-reset" class="btn btn-primary">
              </form>
            </div>
          </div>
      </div>
 
   </body>
</html>

在电子邮件中发送链接并使用过期时间PHP文件存储令牌

<?php
if(isset($_POST['password-reset']) || $_POST['email'])
{
    include "db.php";
     
    $emailId = $_POST['email'];
 
    $result = mysqli_query($conn,"SELECT * FROM users WHERE email='" . $emailId . "'");
 
    $row= mysqli_fetch_array($result);
 
  if($row)
  {
     
     $token = md5($emailId).rand(10,9999);
 
     $expFormat = mktime(
     date("H"), date("i"), date("s"), date("m") ,date("d")+1, date("Y")
     );
 
    $expDate = date("Y-m-d H:i:s",$expFormat);
 
    $update = mysqli_query($conn,"UPDATE users set  password='" . $password . "', reset_link_token='" . $token . "' ,exp_date='" . $expDate . "' WHERE email='" . $emailId . "'");
 
    $link = "<a href='www.phpcodingstuff.com/reset-password.php?key=".$email."&amp;token=".$token."'>Click To Reset password</a>";
 
    require_once('phpmail/PHPMailerAutoload.php');
 
    $mail = new PHPMailer();
 
    $mail->CharSet =  "utf-8";
    $mail->IsSMTP();
    // enable SMTP authentication
    $mail->SMTPAuth = true;                  
    // GMAIL username
    $mail->Username = "your_email_id@gmail.com";
    // GMAIL password
    $mail->Password = "your_gmail_password";
    $mail->SMTPSecure = "ssl";  
    // sets GMAIL as the SMTP server
    $mail->Host = "smtp.gmail.com";
    // set the SMTP port for the GMAIL server
    $mail->Port = "465";
    $mail->From='your_gmail_id@gmail.com';
    $mail->FromName='your_name';
    $mail->AddAddress('reciever_email_id', 'reciever_name');
    $mail->Subject  =  'Reset Password';
    $mail->IsHTML(true);
    $mail->Body    = 'Click On This Link to Reset Password '.$link.'';
    if($mail->Send())
    {
      echo "Check Your Email and Click on the link sent to your email";
    }
    else
    {
      echo "Mail Error - >".$mail->ErrorInfo;
    }
  }else{
    echo "Invalid Email Address. Go back";
  }
}
?>

然后

<!doctype html>
<html lang="en">
   <head>
      <meta charset="utf-8">
      <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
      <title>Reset Password In PHP MySQL</title>
      <!-- CSS -->
      <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css">
   </head>
   <body>
      <div class="container">
         <div class="card">
            <div class="card-header text-center">
               Reset Password In PHP MySQL
            </div>
            <div class="card-body">
               <?php
                  if($_GET['key'] &amp;&amp; $_GET['token'])
                  {
                  include "db.php";
                  $email = $_GET['key'];
                  $token = $_GET['token'];
                  $query = mysqli_query($conn,
                  "SELECT * FROM `users` WHERE `reset_link_token`='".$token."' and `email`='".$email."';"
                  );
                  $curDate = date("Y-m-d H:i:s");
                  if (mysqli_num_rows($query) > 0) {
                  $row= mysqli_fetch_array($query);
                  if($row['exp_date'] >= $curDate){ ?>
               <form action="update-forget-password.php" method="post">
                  <input type="hidden" name="email" value="<?php echo $email;?>">
                  <input type="hidden" name="reset_link_token" value="<?php echo $token;?>">
                  <div class="form-group">
                     <label for="exampleInputEmail1">Password</label>
                     <input type="password" name='password' class="form-control">
                  </div>
                  <div class="form-group">
                     <label for="exampleInputEmail1">Confirm Password</label>
                     <input type="password" name='cpassword' class="form-control">
                  </div>
                  <input type="submit" name="new-password" class="btn btn-primary">
               </form>
               <?php } } else{
                  <p>This forget password link has been expired</p>
                  }
                  }
                  ?>
            </div>
         </div>
      </div>
   </body>
</html>

任何问题,请转到此链接https://www.phpcodingstuff.com/blog/send-reset-password-link-email-php.html

答案 1 :(得分:0)

在此处使用PHPMailer我的代码示例其中$ dir是您的当前目录

function mailSet($to,$full_name,$subject,$body){
    require($dir.'vendor/mailer/PHPMailerAutoload.php');
    require($dir.'vendor/mailer/class.phpmailer.php');

    $mail = new PHPMailer();
    $mail->IsSMTP();
    $mail->Host = 'YOUR HOST';
    $mail->SMTPAuth = TRUE;

    $mail->Username = 'HOST EMAIL ACCOUNT'; 
    $mail->Password = 'HOST PASSWORD'; 

    $mail->From = 'FROM EMAIL';
    $mail->setFrom('FROM EMAIL', 'FULL NAME');

    $mail->AddAddress($to, $full_name);
    $mail->WordWrap = 70;

    $mail->Subject = $subject;
    $mail->Body = $body;

    $mail->IsHTML(TRUE);


    if(!$mail->Send()){
      echo 'SEND';
    } else {
     echo 'FAILED TO SEND';        }
}

function forgetPassword($account){
  global $dir;
  $data=getData('users',$account); //GET DATA FROM DATABASE
  $link=getDataBy('forget_password','account',$data['id']); //RELATION DATA FROM TABLE USERS
  $body='SOME TEXT <p>YOU CAN USE HTML TAG TO <a href="'.$dir.'login/changepassword?SESSION_ID='.$link['link'].'&&SESSION_VALID='.md5(rand(0,100)).'">LINK TO CLICK</a><p>END OF HTML TAG</p>';
  return $body;
}`

使用PHPMailer示例PHP邮件,其中$ to =收件人电子邮件,$ full_name =收件人全名,$ subject =电子邮件主题,$ body =电子邮件HTML正文

答案 2 :(得分:0)

  

不建议解密密码

如果从理论上讲甚至可以解密密码,那么您做错了。

此外,如果您允许匿名更改密码,那么根据您的描述,您正在创建一个容易利用的拒绝服务漏洞。正确的解决方案是:

  • 当某人声明身份并请求重设密码时,生成具有高冗余度和有限TTL的令牌,然后将其通过电子邮件发送给用户。请勿更改密码。

  • 当提供重置令牌和用户名时,请验证TTL是否没有过期,以及令牌是否已颁发给所声明的用户名,然后允许用户选择新密码。

答案 3 :(得分:-1)

<html>
  <body>
    <form method="post" action="send_link.php">
      <p>Enter Email Address To Send Password Link</p>
      <input type="text" name="email">
      <input type="submit" name="submit_email">
    </form>
  </body>
</html>

第1步:制作一个HTML文件并为密码重置系统定义标记

<?php
if(isset($_POST['submit_email']) && $_POST['email'])
{
  mysql_connect('localhost','root','');
  mysql_select_db('sample');
  $select=mysql_query("select email,password from user where email='$email'");
  if(mysql_num_rows($select)==1)
  {
    while($row=mysql_fetch_array($select))
    {
      $email=md5($row['email']);
      $pass=md5($row['password']);
    }
    $link="<a href='www.samplewebsite.com/reset.php?key=".$email."&reset=".$pass."'>Click To Reset password</a>";
    require_once('phpmail/PHPMailerAutoload.php');
    $mail = new PHPMailer();
    $mail->CharSet =  "utf-8";
    $mail->IsSMTP();
    // enable SMTP authentication
    $mail->SMTPAuth = true;                  
    // GMAIL username
    $mail->Username = "your_email_id@gmail.com";
    // GMAIL password
    $mail->Password = "your_gmail_password";
    $mail->SMTPSecure = "ssl";  
    // sets GMAIL as the SMTP server
    $mail->Host = "smtp.gmail.com";
    // set the SMTP port for the GMAIL server
    $mail->Port = "465";
    $mail->From='your_gmail_id@gmail.com';
    $mail->FromName='your_name';
    $mail->AddAddress('reciever_email_id', 'reciever_name');
    $mail->Subject  =  'Reset Password';
    $mail->IsHTML(true);
    $mail->Body    = 'Click On This Link to Reset Password '.$pass.'';
    if($mail->Send())
    {
      echo "Check Your Email and Click on the link sent to your email";
    }
    else
    {
      echo "Mail Error - >".$mail->ErrorInfo;
    }
  } 
}
?>

第2步:制作一个PHP文件来发送链接

<?php
if($_GET['key'] && $_GET['reset'])
{
  $email=$_GET['key'];
  $pass=$_GET['reset'];
  mysql_connect('localhost','root','');
  mysql_select_db('sample');
  $select=mysql_query("select email,password from user where md5(email)='$email' and md5(password)='$pass'");
  if(mysql_num_rows($select)==1)
  {
    ?>
    <form method="post" action="submit_new.php">
    <input type="hidden" name="email" value="<?php echo $email;?>">
    <p>Enter New password</p>
    <input type="password" name='password'>
    <input type="submit" name="submit_password">
    </form>
    <?php
  }
}
?>

第3步:制作一个PHP文件以重置密码

<?php
if(isset($_POST['submit_password']) && $_POST['key'] && $_POST['reset'])
{
  $email=$_POST['email'];
  $pass=$_POST['password'];
  mysql_connect('localhost','root','');
  mysql_select_db('sample');
  $select=mysql_query("update user set password='$pass' where email='$email'");
}
?>

第4步:制作一个PHP文件以更新新密码