The author took on a project some time ago, which included a user registration system and used the password retrieval function. I will briefly organize it and write down some thoughts.
First, we assume that you already have a user registration system. The user table may be as follows:
create table member(
id int unsigned not null auto_incremtnt,
username………………
passwords char(32) not null,
email varchar(100) not null,
……………………………..
);
The focus of the discussion now is not database design, we mainly talk about password retrieval.
The password retrieval solutions we can choose may include the following:
1. Users preset password retrieval questions and provide password retrieval answers.
2. Users can retrieve their password via email
........................
The first option may be a good solution, but we do not choose this option this time, and the various reasons are beyond the scope of this discussion. We use the second option as the main discussion object this time.
So let's get started.
The benefits of the second option are:
1. Registered users must provide a correct email address, otherwise they will not be able to use the password reset function provided by the system.
2. Must be confirmed by the user via email.
This may be a good thing for businesses. Enterprises always try their best to obtain the real and specific information of users in order to provide targeted mailing list services. This is also one of the main reasons why users of this development requested this.
We may provide a link in the login interface or after a failed login. Of course you can define the link name yourself. What I defined is: Forgot your password? Do you need to retrieve it?
When the user clicks to find the password, we will provide an input form. Let the user enter their username (if the login fails, we can use session to fill in the form content). After the user clicks submit, we begin our password reset feature process.
We might create a file like this send_reset_pass_mail.php. This file is mainly responsible for generating a string passed through the GET method and sending it out.
The code might be as follows:
PHP code:
/**
* We assume that you have configured your sql information and mail information in the config.inc.php file
*/
require_once('config.inc.php');
/**
* You need the sendmail class to send emails. We also assume that you have configured it and can send emails
*/
require_once('sendMail.inc.php');
/**
* First we execute the query and get the relevant information of this user
* Don't tell me that you don't know how $_POST['username'] is obtained. If so, I will depress you.
* I used the adodb class and declared it in the configuration file
*/
$username = trim($_POST['username']);
$sql = "select email,passwords from member where username = '".trim($_POST['username'])."'";
$userInfo = $db->FetchRow($sql);
$user_pass = $userInfo['passwords'];
$user_email = $userInfo['email'];
/**
* OK, we have some of the things we need, it seems we have to proceed to the next step
* Now let us generate a string that has been encrypted by md5. Don’t ask why, I will tell you later
*/
$x = md5($username.' '.$passwords);
//Now we can send emails to the user. Of course, we also need another password reset program resetUserPass.php
$String = base64_encode($username.".".$x);