怎么生成“密码重置”那种“一次性链接” -PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

怎么生成“密码重置”那种“一次性链接”

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 pm 01:21 PM

code md5 session

如何生成“密码重置”那种“一次性链接”
RT.
就像一些网站用来给忘记密码的用户，提供的密码重置的链接。

发到用户注册邮箱里的那种，只能触发一次，用过一次以后就不能用了。

有时候还有时间限制，比如24小时内链接有效之类的。

谁知道这个用 PHP 如何实现呢。

谢谢啦

------解决方案--------------------
时间轴控制。先生成连接，记录生成时间，然后设置死亡时间。超过24小时或者点击过一次后就over
------解决方案--------------------
根据时间戳什么的生成可逆加密串取得后再进行还原验证验证时间是否超时就可以了.
------解决方案--------------------
要实现一次性的话那就得把加密串记录下来了，每次收到连接请求到记录里面查询一下
------解决方案--------------------
“一次性”？？？
很简单，你只需查询一下表，在表中就通过，否则就拒绝

表中只需一个字段 char(32) 设为主键
只存放需要验证内容的 MD5 值
操作也很简单，执行 delete from tbl_name where key='值'
如果 mysql_affected_rows 返回 0 就表示未通过

这个方案可以验证任何“一次性”，只要你取得要验证对象的MD5。无需顾忌验证对象的真实内容
------解决方案--------------------
扯淡.

点重置密码,你就给数据库插一行,有自增ID做KEY,并且有用户名,是否完成验证,创建日期TIME_STAMP，唯一标示符md5. （为了数据库安全性，生成一个MD5值作标识发给用户，md5(id . username . time)）。
然后发个URL在邮件里：xxxx.com?id=md5即可。

用户访问这个url的时候从数据库里找该md5，标记完成即可。
------解决方案--------------------
=。= 还用表？这种数据记录下来貌似是给dba找麻烦呀...

随便用 username + unixtimestamp + 一段key 然后对某几位进行一下哈希不就行了？....

验证超时的时候，提取出unixtimestamp字段，就可以随意做时间限制了...
------解决方案--------------------
我说说我的思路。其实很简单
因为SESSION是有生命期的，SESSION过期同时链接自动过期即可。
思路：
确定用户身份后。利用session ID+用户名生成一个唯一的标识

PHP code


$_SESSION['FORGET_CODE']=md5(session_id() . 'XXX');        //XXX是要重置密码的用户名
/*生成的链接如下*/
$href="http://www.domain.com/forget.php?code={$_SESSION['FORGET_CODE']}";
<br><font color="#e78608">------解决方案--------------------</font><br>1，可以把用户的申请时间记录到数据库中<br>2，使用能解密的算法，把时间也做为数据加密，discuz有这种方法。 <div class="clear">
                 
              
              
        
            </div>

Copy after login

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks ago By DDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks ago By DDD

Where to find the Crane Control Keycard in Atomfall

3 weeks ago By DDD

Assassin's Creed Shadows - How To Find The Blacksmith And Unlock Weapon And Armour Customisation

4 weeks ago By DDD

Roblox: Dead Rails - How To Complete Every Challenge

3 weeks ago By DDD

Hot Tools

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Hot Topics

Where is the login entrance for gmail email?

7575

CakePHP Tutorial

1386

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers

110

Related knowledge

How to set session timeout in SpringBoot Session May 15, 2023 pm 02:37 PM

The problem was found in the springboot project production session-out timeout. The problem is described below: In the test environment, the session-out was configured by changing the application.yaml. After setting different times to verify that the session-out configuration took effect, the expiration time was directly set to 8 hours for release. Arrived in production environment. However, I received feedback from customers at noon that the project expiration time was set to be short. If no operation is performed for half an hour, the session will expire and require repeated logins. Solve the problem of handling the development environment: the springboot project has built-in Tomcat, so the session-out configured in application.yaml in the project is effective. Production environment: Production environment release is

How to solve session failure Oct 18, 2023 pm 05:19 PM

Session failure is usually caused by the session lifetime expiration or server shutdown. The solutions: 1. Extend the lifetime of the session; 2. Use persistent storage; 3. Use cookies; 4. Update the session asynchronously; 5. Use session management middleware.

Solution to PHP Session cross-domain problem Oct 12, 2023 pm 03:00 PM

Solution to the cross-domain problem of PHPSession In the development of front-end and back-end separation, cross-domain requests have become the norm. When dealing with cross-domain issues, we usually involve the use and management of sessions. However, due to browser origin policy restrictions, sessions cannot be shared by default across domains. In order to solve this problem, we need to use some techniques and methods to achieve cross-domain sharing of sessions. 1. The most common use of cookies to share sessions across domains

What should I do if the php session disappears after refreshing? Jan 18, 2023 pm 01:39 PM

Solution to the problem that the php session disappears after refreshing: 1. Open the session through "session_start();"; 2. Write all public configurations in a php file; 3. The variable name cannot be the same as the array subscript; 4. In Just check the storage path of the session data in phpinfo and check whether the sessio in the file directory is saved successfully.

How to use MD5 encryption in MySQL May 28, 2023 pm 02:16 PM

What is MD5? MD5 Message-DigestAgorithm (English: MD5Message-DigestAgorithm), a widely used cryptographic hash function, can produce a 128-bit (16-byte) hash value (hash value) to ensure complete and consistent information transmission. MD5 was designed by American cryptographer Ronald Linn Rivest and made public in 1992 to replace the MD4 algorithm. The program of this algorithm is specified in the RFC1321 standard. After 1996, the algorithm was proven to have weaknesses and could be cracked. For data requiring high security, experts generally recommend using other algorithms.

What is the default expiration time of session php? Nov 01, 2022 am 09:14 AM

The default expiration time of session PHP is 1440 seconds, which is 24 minutes, which means that if the client does not refresh for more than 24 minutes, the current session will expire; if the user closes the browser, the session will end and the Session will no longer exist.

How to solve the problem that the Springboot2 session timeout setting is invalid May 22, 2023 pm 01:49 PM

Problem: Today, we encountered a setting timeout problem in our project, and changes to SpringBoot2’s application.properties never took effect. Solution: The server.* properties are used to control the embedded container used by SpringBoot. SpringBoot will create an instance of the servlet container using one of the ServletWebServerFactory instances. These classes use server.* properties to configure the controlled servlet container (tomcat, jetty, etc.). When the application is deployed as a war file to a Tomcat instance, the server.* properties do not apply. They do not apply,

How to implement SMS login in Redis shared session application Jun 03, 2023 pm 03:11 PM

1. Implementing SMS login based on session 1.1 SMS login flow chart 1.2 Implementing sending SMS verification code Front-end request description: Description of request method POST request path /user/code request parameter phone (phone number) return value No back-end interface implementation: @Slf4j@ ServicepublicclassUserServiceImplextendsServiceImplimplementsIUserService{@OverridepublicResultsendCode(Stringphone,HttpSessionsession){//1. Verify mobile phone number if

See all articles