Password Reset

Viewed 1,023 times

0

I’m making an app, but I’m having difficulty implementing the password reset option. I use a web server, and I would like to know which password reset option is best:

1) Secret question chosen by the user at the time of registration;

2) Reset by sending a message to the user’s email.

Note: I don’t know how to implement the second option. How can I write PHP code to send an email automatically to the user?

1 answer

0


My friend, the second option is certainly the safest and most recommended. Sending an email from the server via PHP is relatively simple...

 <?php
  include('../conexao/conexao.php');
  date_default_timezone_set('America/Sao_Paulo');
  ini_set('smtp_port', '587');
  if(isset($_POST['acao']) && $_POST['acao'] == 'recuperar'){
    // filter special characters
    $email = strip_tags(filter_input(INPUT_POST, 'emailRecupera', FILTER_SANITIZE_STRING));
    $sql = "SELECT * FROM usuario WHERE email = '$email'";
    $verificar = mysqli_query($conexao,$sql);
    if(mysqli_num_rows($verificar) == 1){
      $codigo = base64_encode($email);
      $data_expirar = date('Y-m-d H:i:s', strtotime('+1 day'));
      $mensagem ="<html>
                    <head></head>
                      <body>
                        <h1>Reservas de Salas - ENE</h1><br>
                        <h2>Recebemos uma tentativa de recuperação de senha para este e-mail.</h2>
                        <p>Caso não tenha solicitado, por favor, desconsidere este e-mail. Caso contrário clique no link abaixo para alterar a senha.<br><br>
                        <a href= http://homol.redes.unb.br/ptr012017-B-grupoA/recuperar/recuperar.php?codigo=".$codigo.">Recuperar Senha</a></p><br><br>
                        <p>Departamento de Engenharia Elétrica</p>
                      </body>
                  </html>";
      $email_remetente = '[email protected]';
      $assunto = 'Recuperação de senha';
      $headers = "Content-type: text/html; charset=utf-8\r\n";
      $inserir =  mysqli_query($conexao,"INSERT INTO codigos SET codigo = '$codigo', data = '$data_expirar'");
      if($inserir) {
        if(mail("$email","$assunto","$mensagem", $headers, "-f$email_remetente")){
          header('Location: ../index.html?SUCESS=2'); // Check your e-mail to get a new password!
        }
      }
    } else {
      header('Location: ../index.html?ERROR=6'); // The e-mail entered is not registered.
    }
  }
?>

Remember that your PHP has to be configured to send email. Also remember that the link you send to the user has to use a new session, for security reasons.

  • This is super cool... if the user still has access to the email. If he has started using another email and no longer has access to the old one, you will ensure that the user is locked out of the system.

  • Just ask him to fill out the new e-mail. It’s easy to change. In the case I showed him, he takes the e-mail from the database, but it doesn’t necessarily have to be that way. You can ask for a new user input and send it to that email.

  • Yeah... thinking like that, +1.

  • In my view this code is vulnerable: anyone can change other people’s passwords. You are using $codigo = base64_encode($email);, so the code sent to recuperar.php?codigo=".$codigo. is just the Base64 of the person’s email, i.e. if I want to reset the password of fulano@email.com I can click "I forgot password" and then go to ..recuperar.php?codigo=ZnVsYW5vQGVtYWlsLmNvbQ==, and that’s it, I can reset his password.
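
The weakness raised in the last comment is that the reset code can be computed from the e-mail address. As an added example (not the answer's code), here is a sketch of issuing an unguessable, expiring, single-use token with prepared statements; the `reset_tokens` table, both function names and the in-memory SQLite database are assumptions chosen so that it runs stand-alone.

```php
<?php
// Added example, not the answer's code. Table and function names are hypothetical.
// SQLite in memory is used only so the sketch runs stand-alone; the same
// prepared statements work against MySQL through PDO.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reset_tokens (token_hash TEXT PRIMARY KEY, email TEXT, expires_at INTEGER)');

// Issue a token: 32 bytes from the CSPRNG, so it cannot be derived from the
// e-mail address. Only its SHA-256 hash is stored, and older tokens are dropped.
function issue_reset_token(PDO $db, string $email, int $ttl = 3600): string {
    $token = bin2hex(random_bytes(32));
    $db->prepare('DELETE FROM reset_tokens WHERE email = ?')->execute([$email]);
    $db->prepare('INSERT INTO reset_tokens (token_hash, email, expires_at) VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $email, time() + $ttl]);
    return $token; // this value goes into the mailed link as the codigo parameter
}

// Redeem a token: returns the e-mail it was issued for, or null when the token
// is unknown, expired or already used.
function redeem_reset_token(PDO $db, string $token): ?string {
    $hash = hash('sha256', $token);
    $stmt = $db->prepare('SELECT email FROM reset_tokens WHERE token_hash = ? AND expires_at > ?');
    $stmt->execute([$hash, time()]);
    $email = $stmt->fetchColumn();
    if ($email === false) {
        return null;
    }
    // Delete before accepting; only the request that removes the row may proceed,
    // so two concurrent requests cannot both redeem the same token.
    $del = $db->prepare('DELETE FROM reset_tokens WHERE token_hash = ?');
    $del->execute([$hash]);
    return $del->rowCount() === 1 ? $email : null;
}

// Constructed sample run.
$user  = 'fulano@email.com';
$token = issue_reset_token($db, $user);
var_dump(redeem_reset_token($db, base64_encode($user))); // value computable from the address
var_dump(redeem_reset_token($db, $token));               // the token that was mailed
var_dump(redeem_reset_token($db, $token));               // the same token presented again
```

Because the table holds only hashes, a read of the database does not yield usable reset links.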
