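If you want to make a forgotPassword method, you can do it in two steps:
First step: find the user by email; if the user exists, generate a temporary token, which we send to the user by mail and also save in the database.
View: (Users/forgot_password.ctp)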
<?= $this->Form->create('User') ?>
<?= __('Forgot password'); ?>
<?= $this->Flash->render('auth') ?>
<?= $this->Form->input('email', ['type' => 'text', 'label' => ['text' => __('Email')]]) ?>
<?= $this->Form->button(__('Send mail'), ['class' => 'btn btn-lg btn-primary btn-block']) ?>
<?= $this->Form->end() ?>
Method:
(The Users model should have a 'password_digest' field to store the temporary token.)
// Needs at the top of UsersController.php:
//   use Cake\Mailer\Email;
//   use Cake\Routing\Router;
public function forgotPassword() {
    if ($this->request->is('post')) {
        $user_email = $this->request->data['email'];
        if (filter_var($user_email, FILTER_VALIDATE_EMAIL)) {
            $user = $this->Users->findByEmail($user_email)->first();
            if ($user) {
                // Unpredictable token from the CSPRNG (PHP 7+); a hash of email + time can be guessed
                $token = bin2hex(random_bytes(16));
                $user['password_digest'] = $token;
                $this->Users->save($user);
                $email = new Email('default');
                $path = Router::url('/', true);
                $prefix = null;
                if (isset($this->request->params['prefix'])) {
                    $prefix = $this->request->params['prefix'] . '/';
                }
                // Build the URL with '/', not DS (DS is the filesystem separator)
                $message = __('To regenerate password follow this link: ') . $path . $prefix . 'users/resetPassword/' . $token;
                $email
                    ->from(['noreply@example.com' => 'yourAppName']) // placeholder sender address
                    ->to($user_email)
                    ->subject(__('Reset password'))
                    ->send($message);
                $this->Flash->success(__('Please check your email'));
            } else {
                $this->Flash->error(__('This email does not exist in our database.'));
            }
        } else {
            $this->Flash->error(__('It´s not email format.'));
        }
    }
}
The user receives a mail like this:
To regenerate password follow this link:
http://www.yourAppUrl.com/users/resetPassword/9bf31c7ff062936a96d3c8bd1f8f2ff3
Now we do the second step, creating the new password:
View: (Users/reset_password.ctp)
<?= $this->Form->create(null, ['class' => 'form-register', 'error' => false]) ?>
<?= $this->Flash->render('auth') ?>
<?= $this->Form->input('password', ['type' => 'password', 'label' => ['text' => __('Password')]]) ?>
<?= $this->Form->input('confirm_password', ['type' => 'password', 'label' => ['text' => __('Confirm Password')]]) ?>
<?= $this->Form->button(__('Send'), ['class' => 'btn btn-lg btn-primary btn-block']) ?>
<?= $this->Form->end() ?>
Method:
public function resetPassword() {
    // Check that the token parameter exists and that a user holds this token
    if (isset($this->request->params['pass'][0]) && $this->Users->exists(['password_digest' => $this->request->params['pass'][0]])) {
        if ($this->request->is('post')) {
            // Find the user with the magic finder findByPasswordDigest
            $user = $this->Users->findByPasswordDigest($this->request->params['pass'][0])->first();
            $user = $this->Users->patchEntity($user, $this->request->data);
            $user['password_digest'] = null; // Clear the token in the database
            if ($this->Users->save($user)) {
                $this->Flash->success(__('The new password has been saved!, please Login now with your new password'));
                return $this->redirect(['action' => 'login']);
            } else {
                $this->Flash->error(__('This is not valid password.'));
            }
        }
    } else {
        // No parameter, or no user with this token
        $this->Flash->error(__('This is not valid token.'));
        return $this->redirect(['controller' => 'Pages', 'action' => 'home']);
    }
}
[Edit] Don't forget to add these methods to those allowed without registration:
// In AppController.php (needs: use Cake\Event\Event;)
public function beforeFilter(Event $event) {
    // Authorized actions without registration
    $this->Auth->allow(['forgotPassword', 'resetPassword']);
}
Or
// In UsersController.php
public function beforeFilter(Event $event) {
    parent::beforeFilter($event);
    $this->Auth->allow(['forgotPassword', 'resetPassword']);
}
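The same two-step flow with the reset token hardened, as an added example that is not part of the original answer: the token comes from the CSPRNG, only its SHA-256 hash is stored in password_digest, it expires, and it is cleared on first use. The in-memory $users array, the function names, the digest_expires field and the 30-minute lifetime are assumptions.

```php
<?php
// Added example, not the answer's code. $users is a constructed in-memory stand-in
// for the Users table; function names, digest_expires and the TTL are assumptions.
const RESET_TTL = 1800; // seconds a reset link stays valid

function issueResetToken(array &$users, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null;
    }
    $token = bin2hex(random_bytes(32)); // CSPRNG output, not derived from email or clock
    // Store only a hash, so a leaked table does not yield usable reset links.
    $users[$email]['password_digest'] = hash('sha256', $token);
    $users[$email]['digest_expires'] = $now + RESET_TTL;
    return $token; // the plain token goes into the mailed link only
}

function redeemResetToken(array &$users, string $token, string $newPassword, int $now): bool
{
    $candidate = hash('sha256', $token);
    foreach ($users as $email => $user) {
        $stored = $user['password_digest'] ?? null;
        if ($stored === null || !hash_equals($stored, $candidate)) {
            continue;
        }
        // Single use: clear the token on any match, expired or not.
        $users[$email]['password_digest'] = null;
        $users[$email]['digest_expires'] = null;
        if ($now > $user['digest_expires']) {
            return false;
        }
        $users[$email]['password'] = password_hash($newPassword, PASSWORD_DEFAULT);
        return true;
    }
    return false;
}

// Constructed sample data and a short walk through the flow.
$users = ['alice@example.com' => ['password' => password_hash('old-secret', PASSWORD_DEFAULT)]];
$now = time();
$token = issueResetToken($users, 'alice@example.com', $now);
var_dump(redeemResetToken($users, $token, 'new-secret', $now + 60));  // fresh token, inside the TTL
var_dump(redeemResetToken($users, $token, 'other', $now + 120));      // same token presented again
var_dump(password_verify('new-secret', $users['alice@example.com']['password']));
$late = issueResetToken($users, 'alice@example.com', $now);
var_dump(redeemResetToken($users, $late, 'too-late', $now + RESET_TTL + 1)); // presented after expiry
```

In the controller above, the loop becomes a lookup such as findByPasswordDigest(hash('sha256', $token)) against an indexed column.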
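Never. You cannot recover MD5, because it is good – splash58
You should never be able to do that. Hashing (you are not using encryption) is one-way; it cannot be undone. Even if it were possible, you would never be able to get the user's password. –
**Side note**: Decrypting the password and sending it to the user is really not a good idea, because it is insecure. If a user forgets their password, a better approach is to reset it. Also, 'md5()' is not secure; use 'password_hash()' and 'password_verify' instead – Panda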