Forgot password in codeigniter

痴心易碎 提交于 2019-12-22 15:56:02

问题


I need to implement a forgot password to a login page. First I verify email then generate a string, after that send a link with key and email to the particular mail.

I know how to reset but what happened receive the link to that mail

$message= "<a href='".base_url()."user/reset_pass/$key/$email'>";

This is the link I provided.


回答1:


First you need to check if session exist when user click on forgot password. if No,then set validation method for email which you will be taking from user.

like this :

$this->form_validation->set_rules('email', 'Email', 'required|valid_email|callback_email_exists');

In email_exists method,check if user exists or not with the given email id.

if user exists then create a mail function.In message send link for resetting password.

$slug = md5($user->user_id . $user->email . date('Ymd'));
    $this->email->message('To reset your password please click the link below and follow the instructions:

'. site_url('forgotpassword/reset/'.$user->user_id .'/'. $slug) .'
If you did not request to reset your password then please just ignore this email and no changes will occur.
Note: This reset code will expire after '. date('j M Y') .'.');

And send the mail.

when user click on reset link which point the method will again check session.if session exists redirect use to Homepage else get third and fourth segment from url.

$user_id = $this->uri->segment(3);
if(!$user_id) show_error('Invalid reset code.');
$hash = $this->uri->segment(4);
if(!$hash) show_error('Invalid reset code.');

Taking user id from url.again make $slug from db values and compare it with url $slug.if both matched then provide user the reset fields with password and confirm password.

If both password match.Update the password.




回答2:


Basic process should be something like this :

  • User clicks forgot password
  • Verify email or userid exists on DB
  • Create the key
  • UPDATE key and time on users row in DB ( need 2 columns for this )
  • Create Email containing link but with just the KEY the email address is unnecessary and might be sniffed which could be used to compromise this process.

    <a href='".base_url()."user/reset_pass/$key'>

User clicks link on the email they receive

  • runs the user controllers reset_pass method and is passed the key as param
  • Search Users table for the key

If not found

  • throw user somewhere, probably a hack

If found but time limit is exceeded

  • generate another email with a new key
  • UPDATE user table with new key and time

If found and time is within limits

  • Throw user the reset password view

Once password is reset

  • Update user table set key and time columns to NULL



回答3:


I wouldn't try to give email address as a get method for resetting password. You just can send a hash key as a url and get your job done. And these hash key will verify as token data , which will be active for a limited time . That's it .



来源:https://stackoverflow.com/questions/31853152/forgot-password-in-codeigniter

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!