我的目标是在codeigniter中实现忘记密码功能。但是,当我尝试在项目中应用它时,发现了一些错误,而且我不知道如何解决。
错误是当我单击我的令牌代码时出现的:
模型源代码:
<?php
// Refuse to run when the file is requested directly instead of through the framework bootstrap.
if (!defined('BASEPATH')) {
    exit('No direct script access allowed');
}
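/**
 * Account model: admin rows plus the password-reset token table.
 *
 * Tables touched (as visible in the queries below): `admin` (id_admin, email,
 * password) and `tokens` (token, user_id, created).
 */
class M_Account extends CI_Model
{
    /**
     * Insert a new row into the `admin` table.
     *
     * @param array $data Column => value pairs for the new row.
     * @return void
     */
    public function daftar($data)
    {
        $this->db->insert('admin', $data);
    }

    //Start: additional methods for the reset code

    /**
     * Fetch one admin row by primary key.
     *
     * @param mixed $id Value matched against `admin.id_admin`.
     * @return object|false The row object, or false when no row matches.
     */
    public function getUserInfo($id)
    {
        $q = $this->db->get_where('admin', array('id_admin' => $id), 1);

        // num_rows() is the result-set API for SELECTs; affected_rows() is
        // documented for write queries and only happens to work on some drivers.
        if ($q && $q->num_rows() > 0) {
            return $q->row();
        }

        error_log('no user found getUserInfo('.$id.')');
        return false;
    }

    /**
     * Fetch one admin row by e-mail address.
     *
     * @param string $email Value matched against `admin.email`.
     * @return object|null The row object, or null when no row matches
     *                     (kept as null for existing callers).
     */
    public function getUserInfoByEmail($email)
    {
        $q = $this->db->get_where('admin', array('email' => $email), 1);

        if ($q && $q->num_rows() > 0) {
            return $q->row();
        }

        return null;
    }

    /**
     * Create and store a password-reset token for a user.
     *
     * @param mixed $user_id Admin id the token is issued for.
     * @return string The 30-character token immediately followed by the user id.
     */
    public function insertToken($user_id)
    {
        // 15 bytes from the OS CSPRNG -> 30 lowercase hex characters, the same
        // length and alphabet as before. The previous sha1(rand()) had at most
        // as many distinct values as rand() has outputs, which is far too few
        // for a secret that grants a password change. Requires PHP 7+.
        $token = bin2hex(random_bytes(15));

        $record = array(
            'token'   => $token,
            'user_id' => $user_id,
            'created' => date('Y-m-d'),
        );
        $this->db->insert('tokens', $record);

        // NOTE(review): the token is stored in clear text; storing only a hash
        // of it would keep a database read from yielding usable reset links.
        return $token . $user_id;
    }

    /**
     * Validate a reset token of the form "<30-char token><user id>".
     *
     * @param mixed $token Decoded token string taken from the reset URL.
     * @return object|false The admin row for the token's user, or false when
     *                      the token is malformed, unknown, or not from today.
     */
    public function isTokenValid($token)
    {
        // Anything that cannot hold 30 token characters plus a user id is rejected up front.
        if (!is_string($token) || strlen($token) <= 30) {
            return false;
        }

        $tkn = substr($token, 0, 30);
        $uid = substr($token, 30);

        $q = $this->db->get_where('tokens', array(
            'tokens.token'   => $tkn,
            'tokens.user_id' => $uid,
        ), 1);

        if (!$q || $q->num_rows() < 1) {
            return false;
        }

        $row = $q->row();

        // Expiry is by calendar day only because `created` holds a date without a time:
        // a token lives until midnight, whatever time it was issued.
        // NOTE(review): a timestamp column and a short fixed lifetime would be tighter.
        $createdTS = strtotime($row->created);
        $todayTS = strtotime(date('Y-m-d'));
        if ($createdTS != $todayTS) {
            return false;
        }

        return $this->getUserInfo($row->user_id);
    }

    /**
     * Store a new password hash for an admin and retire that admin's reset tokens.
     *
     * @param array $post Must contain 'id_admin' and 'password' (already hashed by the caller).
     * @return bool True when the UPDATE succeeded, false otherwise.
     */
    public function updatePassword($post)
    {
        $this->db->where('id_admin', $post['id_admin']);

        // Report the real outcome; the previous unconditional `true` made the
        // caller's failure branch unreachable.
        $updated = (bool) $this->db->update('admin', array('password' => $post['password']));

        if ($updated) {
            // Reset tokens are single-use: once the password has changed, no
            // outstanding link for this account may be replayed.
            $this->db->delete('tokens', array('user_id' => $post['id_admin']));
        }

        return $updated;
    }
    //End: additional methods for the reset code
}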
源代码控制器:
<?php
// Refuse to run when the file is requested directly instead of through the framework bootstrap.
if (!defined('BASEPATH')) {
    exit('No direct script access allowed');
}
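/**
 * Forgot-password controller: issues a reset token for an e-mail address and
 * lets the holder of a valid token set a new password.
 *
 * Relies on form_validation, session and the URL helper being loaded elsewhere
 * (they are used here but not loaded in the constructor).
 */
class Lupa_password extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->model('M_Account');
    }

    /**
     * Show the "forgot password" form and, on a valid submission, create a reset token.
     *
     * @return void
     */
    public function index()
    {
        $this->form_validation->set_rules('email', 'Email', 'required|valid_email');

        if ($this->form_validation->run() == FALSE) {
            $data['title'] = 'Halaman Reset Password | Tutorial reset password CodeIgniter @ https://recodeku.blogspot.com';
            $this->load->view('admin/lupa_password', $data);
            return;
        }

        $email = $this->input->post('email');
        $clean = $this->security->xss_clean($email);
        $userInfo = $this->M_Account->getUserInfoByEmail($clean);

        if (!$userInfo) {
            // NOTE(review): a distinct message for unknown addresses tells the
            // requester which e-mails have accounts; a single neutral reply
            // for both outcomes avoids that.
            $this->session->set_flashdata('sukses', 'email address salah, silakan coba lagi.');
            redirect(site_url('admin/loginadmin'), 'refresh'); // redirect() ends the request
        }

        //build token
        $token = $this->M_Account->insertToken($userInfo->id_admin);
        $qstring = $this->base64url_encode($token);

        // Pass the path to site_url() so the separator after index_page is
        // inserted by the framework; concatenating onto site_url() yields a
        // broken URL whenever index_page is not empty.
        $url = site_url('admin/lupa_password/reset_password/token/' . $qstring);
        $link = '<a href="' . $url . '">' . $url . '</a>';

        $message = '';
        $message .= '<strong>Hai, anda menerima email ini karena ada permintaan untuk memperbaharui
password anda.</strong><br>';
        $message .= '<strong>Silakan klik link ini:</strong> ' . $link;

        // SECURITY: this development placeholder prints the reset link into the
        // HTTP response, i.e. to whoever submitted the form rather than to the
        // owner of the mailbox. Before deployment the message must be delivered
        // by e-mail only and the page should show a neutral confirmation.
        echo $message; //send this through mail
        exit;
    }

    /**
     * Validate the token from the URL and, on a valid form submission, store the new password.
     *
     * @return void
     */
    public function reset_password()
    {
        // The link built in index() is admin/lupa_password/reset_password/token/<t>
        // (token in segment 5) while the form posts to
        // lupa_password/reset_password/token/<t> (token in segment 4). Reading
        // the last segment serves both; a fixed index of 4 reads the literal
        // word "token" for the e-mailed link and rejects every token.
        $rawSegment = (string) $this->uri->segment($this->uri->total_segments());
        $token = $this->base64url_decode($rawSegment);
        $cleanToken = $this->security->xss_clean($token);

        $user_info = $this->M_Account->isTokenValid($cleanToken); // either false or a row object
        if (!$user_info) {
            $this->session->set_flashdata('sukses', 'Token tidak valid atau kadaluarsa');
            redirect(site_url('login'), 'refresh'); // redirect() ends the request
        }

        $data = array(
            'title' => 'Halaman Reset Password | Tutorial reset password CodeIgniter @ https://recodeku.blogspot.com',
            'nama'  => $user_info->nama,
            'email' => $user_info->email,
            'token' => $this->base64url_encode($token),
        );

        // NOTE(review): min_length[5] is a very low floor for an admin password.
        $this->form_validation->set_rules('password', 'Password', 'required|min_length[5]');
        $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required|matches[password]');

        if ($this->form_validation->run() == FALSE) {
            $this->load->view('admin/reset_password', $data);
            return;
        }

        // NOTE(review): XSS filtering rewrites some character sequences, so the
        // value hashed here can differ from what the user typed; passwords are
        // never echoed as HTML and should be hashed unfiltered. Left as is
        // because the login check, which must agree, is not in this file.
        $post = $this->input->post(NULL, TRUE);
        $cleanPost = $this->security->xss_clean($post);

        // SECURITY: unsalted MD5 is not a password hash; it is fast to brute-force
        // and identical passwords share a digest. Move to password_hash() /
        // password_verify() together with the login code and widen the
        // `password` column accordingly. Not changed here because doing so
        // alone would lock every account out of the existing login check.
        $cleanPost['password'] = md5($cleanPost['password']);
        $cleanPost['id_admin'] = $user_info->id_admin;
        unset($cleanPost['passconf']);

        if (!$this->M_Account->updatePassword($cleanPost)) {
            $this->session->set_flashdata('sukses', 'Update password gagal.');
        } else {
            $this->session->set_flashdata('sukses', 'Password anda sudah
diperbaharui. Silakan login.');
        }

        redirect(site_url('admin/loginadmin'), 'refresh');
    }

    /**
     * Encode binary data as URL-safe base64 without padding.
     *
     * NOTE(review): public controller methods are reachable by URL in
     * CodeIgniter; this helper and base64url_decode() would be better private.
     *
     * @param string $data Raw bytes.
     * @return string base64url text ('+' -> '-', '/' -> '_', '=' stripped).
     */
    public function base64url_encode($data)
    {
        return rtrim(strtr(base64_encode($data), '+/', '-_'), '=');
    }

    /**
     * Decode URL-safe base64, restoring the stripped padding first.
     *
     * @param string|null $data base64url text; null is treated as an empty string.
     * @return string|false Decoded bytes, or false if base64_decode() fails.
     */
    public function base64url_decode($data)
    {
        $standard = strtr((string) $data, '-_', '+/');

        // str_pad() takes the TARGET length. The previous `strlen % 4` is
        // always smaller than the string itself, so no padding was ever added.
        $missing = (4 - strlen($standard) % 4) % 4;

        return base64_decode(str_pad($standard, strlen($standard) + $missing, '=', STR_PAD_RIGHT));
    }
}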
视图 lupa_password.php 的源代码:
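<?php
// View: "forgot password" form. Expects $title from the controller.
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>
<?= html_escape($title) ?>
</title>
</head>
<body>
<h2>Lupa Password</h2>
<p>Untuk melakukan reset password, silakan masukkan alamat email anda. </p>
<?php echo form_open('lupa_password');?>
<p>Email:</p>
<p>
<input type="text" name="email" value="<?php echo set_value('email'); ?>"/>
</p>
<p> <?php echo form_error('email'); ?> </p>
<p>
<input type="submit" name="btnSubmit" value="Submit" />
</p>
<?php echo form_close(); // form_open() emitted <form>; it was never closed ?>
</body>
</html>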
视图 reset_password 的源代码:
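<?php
// View: "set a new password" form. Expects $title, $nama and $token from the controller.
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>
<?= html_escape($title) ?>
</title>
</head>
<body>
<h2>Reset Password</h2>
<?php // $nama comes from the database; escape it before it reaches the page. ?>
<h5>Hello <span><?php echo html_escape($nama); ?></span>, Silakan isi password baru anda.</h5>
<?php echo form_open('lupa_password/reset_password/token/'.$token); ?>
<p>Password Baru:</p>
<p>
<?php // Password fields are deliberately not repopulated: a submitted password should not be written back into the HTML. ?>
<input type="password" name="password" value=""/>
</p>
<p> <?php echo form_error('password'); ?> </p>
<p>Konfirmasi Password:</p>
<p>
<input type="password" name="passconf" value=""/>
</p>
<p> <?php echo form_error('passconf'); ?> </p>
<p>
<input type="submit" name="btnSubmit" value="Reset" />
</p>
<?php echo form_close(); // form_open() emitted <form>; it was never closed ?>
</body>
</html>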
答案 0 :(得分:0)
也许您可以将reset_password函数更改为这样:
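/**
 * Validate the token passed as a URI argument and, on a valid form
 * submission, store the new password.
 *
 * @param string $token base64url-encoded token taken from the URL
 *                      (lupa_password/reset_password/<token>).
 * @return void
 */
public function reset_password($token = '')
{
    // The URL carries the token base64url-encoded (see the link built in
    // index()); isTokenValid() expects the decoded "<30-char token><user id>"
    // form. Without this decode no token ever matches, and re-encoding below
    // would double-encode the form action.
    $token = $this->base64url_decode($token);
    $cleanToken = $this->security->xss_clean($token);

    $user_info = $this->M_Account->isTokenValid($cleanToken); // either false or a row object
    if (!$user_info) {
        $this->session->set_flashdata('sukses', 'Token tidak valid atau kadaluarsa');
        redirect(site_url('login'), 'refresh'); // redirect() ends the request
    }

    $data = array(
        'title' => 'Halaman Reset Password | Tutorial reset password CodeIgniter @ https://recodeku.blogspot.com',
        'nama'  => $user_info->nama,
        'email' => $user_info->email,
        'token' => $this->base64url_encode($token),
    );

    $this->form_validation->set_rules('password', 'Password', 'required|min_length[5]');
    $this->form_validation->set_rules('passconf', 'Password Confirmation', 'required|matches[password]');

    if ($this->form_validation->run() == FALSE) {
        $this->load->view('admin/reset_password', $data);
        return;
    }

    // NOTE(review): XSS filtering can alter the submitted password before it
    // is hashed; passwords should be hashed unfiltered. Left as is because the
    // login check, which must agree, is not shown.
    $post = $this->input->post(NULL, TRUE);
    $cleanPost = $this->security->xss_clean($post);

    // SECURITY: unsalted MD5 is not a password hash. Switch to password_hash()
    // / password_verify() together with the login code; changing only this
    // line would break the existing login comparison.
    $cleanPost['password'] = md5($cleanPost['password']);
    $cleanPost['id_admin'] = $user_info->id_admin;
    unset($cleanPost['passconf']);

    if (!$this->M_Account->updatePassword($cleanPost)) {
        $this->session->set_flashdata('sukses', 'Update password gagal.');
    } else {
        $this->session->set_flashdata('sukses', 'Password anda sudah
diperbaharui. Silakan login.');
    }

    redirect(site_url('admin/loginadmin'), 'refresh');
}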
并将表单目标网址更改为
<?php // Form posts back to reset_password() with the token as its only URI argument. ?>
<?= form_open('lupa_password/reset_password/' . $token) ?>