使用令牌在Codeigniter中忘记密码
我的目标是在codeigniter中实现忘记密码功能。但是,当我尝试在项目中应用它时,发现了一些错误,而且我不知道如何解决。
错误是当我单击我的令牌代码时出现的:
源代码模式:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class M_Account extends CI_Model{
function daftar($data) {
$this->db->insert('admin',$data);
}
//Start: method tambahan untuk reset code
public function getUserInfo($id)
{
$q = $this->db->get_where('admin', array('id_admin' => $id), 1);
if($this->db->affected_rows() > 0){
$row = $q->row();
return $row;
}else{
error_log('no user found getUserInfo('.$id.')');
return false;
}
}
public function getUserInfoByEmail($email){
$q = $this->db->get_where('admin', array('email' => $email), 1);
if($this->db->affected_rows() > 0){
$row = $q->row();
return $row;
}
}
public function insertToken($user_id)
{
$token = substr(sha1(rand()), 0, 30);
$date = date('Y-m-d');
$string = array(
'token'=> $token,
'user_id'=>$user_id,
'created'=>$date
);
$query = $this->db->insert_string('tokens',$string);
$this->db->query($query);
return $token . $user_id;
}
public function isTokenValid($token)
{
$tkn = substr($token,0,30);
$uid = substr($token,30);
$q = $this->db->get_where('tokens', array(
'tokens.token' => $tkn,
'tokens.user_id' => $uid), 1);
if($this->db->affected_rows() > 0){
$row = $q->row();
$created = $row->created;
$createdTS = strtotime($created);
$today = date('Y-m-d');
$todayTS = strtotime($today);
if($createdTS != $todayTS){
return false;
}
$user_info = $this->getUserInfo($row->user_id);
return $user_info;
}else{
return false;
}
}
public function updatePassword($post)
{
$this->db->where('id_admin', $post['id_admin']);
$this->db->update('admin', array('password' => $post['password']));
return true;
}
//End: method tambahan untuk reset code
}
源代码控制器:
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
class Lupa_password extends CI_Controller {
function __construct(){
parent::__construct();
$this->load->model('M_Account');
}
public function index()
{
$this->form_validation->set_rules('email', 'Email', 'required|valid_email');
if($this->form_validation->run() == FALSE) {
$data['title'] = 'Halaman Reset Password | Tutorial reset password CodeIgniter @ https://recodeku.blogspot.com';
$this->load->view('admin/lupa_password',$data);
}else{
$email = $this->input->post('email');
$clean = $this->security->xss_clean($email);
$userInfo = $this->M_Account->getUserInfoByEmail($clean);
if(!$userInfo){
$this->session->set_flashdata('sukses', 'email address salah, silakan coba lagi.');
redirect(site_url('admin/loginadmin'),'refresh');
}
//build token
$token = $this->M_Account->insertToken($userInfo->id_admin);
$qstring = $this->base64url_encode($token);
$url = site_url() . 'admin/lupa_password/reset_password/token/' . $qstring;
$link = '<a href="' . $url . '">' . $url . '</a>';
$message = '';
$message .= '<strong>Hai, anda menerima email ini karena ada permintaan untuk memperbaharui
password anda.</strong><br>';
$message .= '<strong>Silakan klik link ini:</strong> ' . $link;
echo $message; //send this through mail
exit;
}
}
public function reset_password()
{
$token = $this->base64url_decode($this->uri->segment(4));
$cleanToken = $this->security->xss_clean($token);
$user_info = $this->M_Account->isTokenValid($cleanToken); //either false or array();
if(!$user_info){
$this->session->set_flashdata('sukses', 'Token tidak valid atau kadaluarsa');
redirect(site_url('login'),'refresh');
}
$data = array(
'title'=> 'Halaman Reset Password | Tutorial reset password CodeIgniter @ https://recodeku.blogspot.com',
'nama'=> $user_info->nama,
'email'=>$user_info->email,
'token'=>$this->base64url_encode($token)
);
$this->form_validation->set_rules('password', 'Password', 'required|min_length[5]');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'required|matches[password]');
if ($this->form_validation->run() == FALSE) {
$this->load->view('admin/reset_password', $data);
}else{
$post = $this->input->post(NULL, TRUE);
$cleanPost = $this->security->xss_clean($post);
$hashed = md5($cleanPost['password']);
$cleanPost['password'] = $hashed;
$cleanPost['id_admin'] = $user_info->id_admin;
unset($cleanPost['passconf']);
if(!$this->M_Account->updatePassword($cleanPost)){
$this->session->set_flashdata('sukses', 'Update password gagal.');
}else{
$this->session->set_flashdata('sukses', 'Password anda sudah
diperbaharui. Silakan login.');
}
redirect(site_url('admin/loginadmin'),'refresh');
}
}
public function base64url_encode($data) {
return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
}
public function base64url_decode($data) {
return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
}
}
源代码查看lupa_password.php:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>
<?= $title;?>
</title>
</head>
<body>
<h2>Lupa Password</h2>
<p>Untuk melakukan reset password, silakan masukkan alamat email anda. </p>
<?php echo form_open('lupa_password');?>
<p>Email:</p>
<p>
<input type="text" name="email" value="<?php echo set_value('email'); ?>"/>
</p>
<p> <?php echo form_error('email'); ?> </p>
<p>
<input type="submit" name="btnSubmit" value="Submit" />
</p>
</body>
</html>
源代码reset_password:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>
<?= $title;?>
</title>
</head>
<body>
<h2>Reset Password</h2>
<h5>Hello <span><?php echo $nama; ?></span>, Silakan isi password baru anda.</h5>
<?php echo form_open('lupa_password/reset_password/token/'.$token); ?>
<p>Password Baru:</p>
<p>
<input type="password" name="password" value="<?php echo set_value('password'); ?>"/>
</p>
<p> <?php echo form_error('password'); ?> </p>
<p>Konfirmasi Password:</p>
<p>
<input type="password" name="passconf" value="<?php echo set_value('passconf'); ?>"/>
</p>
<p> <?php echo form_error('passconf'); ?> </p>
<p>
<input type="submit" name="btnSubmit" value="Reset" />
</p>
</body>
</html>
1 个答案:
答案 0 :(得分:0)
也许您可以将reset_password函数更改为这样:
public function reset_password($token){
$cleanToken = $this->security->xss_clean($token);
$user_info = $this->M_Account->isTokenValid($cleanToken); //either false or array();
if(!$user_info){
$this->session->set_flashdata('sukses', 'Token tidak valid atau kadaluarsa');
redirect(site_url('login'),'refresh');
}
$data = array(
'title'=> 'Halaman Reset Password | Tutorial reset password CodeIgniter @ https://recodeku.blogspot.com',
'nama'=> $user_info->nama,
'email'=>$user_info->email,
'token'=>$this->base64url_encode($token)
);
$this->form_validation->set_rules('password', 'Password', 'required|min_length[5]');
$this->form_validation->set_rules('passconf', 'Password Confirmation', 'required|matches[password]');
if ($this->form_validation->run() == FALSE) {
$this->load->view('admin/reset_password', $data);
}else{
$post = $this->input->post(NULL, TRUE);
$cleanPost = $this->security->xss_clean($post);
$hashed = md5($cleanPost['password']);
$cleanPost['password'] = $hashed;
$cleanPost['id_admin'] = $user_info->id_admin;
unset($cleanPost['passconf']);
if(!$this->M_Account->updatePassword($cleanPost)){
$this->session->set_flashdata('sukses', 'Update password gagal.');
}else{
$this->session->set_flashdata('sukses', 'Password anda sudah
diperbaharui. Silakan login.');
}
redirect(site_url('admin/loginadmin'),'refresh');
}
}
并将表单目标网址更改为
<?php echo form_open('lupa_password/reset_password/'.$token); ?>
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?