问题
I need to implement a forgot password to a login page. First I verify email then generate a string, after that send a link with key and email to the particular mail.
I know how to reset but what happened receive the link to that mail
$message= "<a href='".base_url()."user/reset_pass/$key/$email'>";
This is the link I provided.
回答1:
First you need to check if session exist when user click on forgot password. if No,then set validation method for email which you will be taking from user.
like this :
$this->form_validation->set_rules('email', 'Email', 'required|valid_email|callback_email_exists');
In email_exists method,check if user exists or not with the given email id.
if user exists then create a mail function.In message send link for resetting password.
$slug = md5($user->user_id . $user->email . date('Ymd'));
$this->email->message('To reset your password please click the link below and follow the instructions:
'. site_url('forgotpassword/reset/'.$user->user_id .'/'. $slug) .'
If you did not request to reset your password then please just ignore this email and no changes will occur.
Note: This reset code will expire after '. date('j M Y') .'.');
And send the mail.
when user click on reset link which point the method will again check session.if session exists redirect use to Homepage else get third and fourth segment from url.
$user_id = $this->uri->segment(3);
if(!$user_id) show_error('Invalid reset code.');
$hash = $this->uri->segment(4);
if(!$hash) show_error('Invalid reset code.');
Taking user id from url.again make $slug from db values and compare it with url $slug.if both matched then provide user the reset fields with password and confirm password.
If both password match.Update the password.
回答2:
Basic process should be something like this :
- User clicks forgot password
- Verify email or userid exists on DB
- Create the
key - UPDATE
keyandtimeon users row in DB ( need 2 columns for this ) Create Email containing link but with just the
KEYthe email address is unnecessary and might be sniffed which could be used to compromise this process.<a href='".base_url()."user/reset_pass/$key'>
User clicks link on the email they receive
- runs the user controllers reset_pass method and is passed the key as param
- Search Users table for the key
If not found
- throw user somewhere, probably a hack
If found but time limit is exceeded
- generate another email with a new key
- UPDATE user table with new
keyandtime
If found and time is within limits
- Throw user the reset password view
Once password is reset
- Update user table set
keyandtimecolumns to NULL
回答3:
I wouldn't try to give email address as a get method for resetting password. You just can send a hash key as a url and get your job done. And these hash key will verify as token data , which will be active for a limited time . That's it .
来源:https://stackoverflow.com/questions/31853152/forgot-password-in-codeigniter