如何在电子邮件中发送解密的密码

Question

在我的表格中，密码是加密形式。 我使用 MD5 加密密码。现在，如果数据库中存在 emailid，我想发送密码。 一切正常...但密码以加密形式通过电子邮件发送给用户。

我如何在发送电子邮件之前解密它并将原始密码发送到用户电子邮件。

下面是我的代码..

function forgotpassword() {
        $this->layout = "layout_login";
        if (!empty($this->request->data)) {
            $email = $this->request->data['User']['email'];
            if (!empty($email)) {
                $user = $this->User->find('first', array(
                    'conditions' => array(
                        'User.email' => $this->request->data['User']['email'],
                        'User.status' => 1
                    )
                ));              
                if(!$user) {
                $this->Session->setFlash("No Such E-mail address registerd with us"); 
                } else {                
                $subject = "Account Password from Kaya Dispatch";
                $this->Email->from = 'luckybajpai87@gmail.com';
                $to = trim($this->request->data['User']['email']);
                $this->Email->sendAs = 'both';               
                $this->Email->to = $to;
                $this->Email->subject = $subject;
                $email = $user['User']['email'];  
                $password = md5($user['User']['password']); 
                $message = "";
                $message .= "Please find the below Email ID and Password of your account: <br/><br/>";
                $message .= "<b>Your Email:</b> " .$email. "<br/>";              
                $message .= "<b>Your Password:</b> " . $password . "<br/>";
                $message .= "<br/>Thanks, <br/>Support Team";              
                if ($this->Email->send($message)) {
                    $this->Session->setFlash("Password Send Successfully to your email");
                    } else {
                        $this->Session->setFlash("Something Went Wrong.Email is not send");
                    }
                } 
            }
        }
    }

Answer 1

如果你想让方法忘记密码，你可以分两步完成：

第一步：

通过电子邮件查找用户，如果存在，生成临时令牌，我们将通过邮件将其发送给用户，我们也将保存在数据库中

查看：（用户/forgot_password.ctp）

<?= $this -> Form -> create('User') ?>
  <?= __('Forgot password'); ?>
  <?= $this -> Flash -> render('auth') ?>
  <?= $this -> Form -> input('email' , ['type' => 'text','label' => ['text' => __('Email')]]) ?>
  <?= $this -> Form -> button(__('Send mail'), ['class' => 'btn btn-lg btn-primary btn-block']) ?>
<?= $this -> Form -> end() ?>

方法：

（用户模型应该有 'passwod_digest' 字段来保存临时令牌）

public function forgotPassword() {
    if($this -> request -> is('post')) {

        $user_email = $this -> request -> data['email'];
        if(filter_var($user_email, FILTER_VALIDATE_EMAIL)) {

            $user = $this -> Users -> findByEmail($user_email) -> first();

            if($user){
                $token = sha1($user_email . time());

                $user['password_digest'] = $token;

                $this -> Users -> save($user);

                $email = new Email('default');

                $path = Router::url('/', true);
                $prefix = null;

                if(isset($this -> request -> params['prefix'])) {

                    $prefix = $this -> request->params['prefix'] . DS;

                } 

                $message = __('To regenerate password follow this link: ') . $path . $prefix .'users' . DS . 'resetPassword' . DS . $token;

                $email 
                    -> from([yourAppEmail@yourAppEmail.com => yourAppName])
                    -> to($user_email)
                    -> subject(__('Reset password'))
                    -> send($message);
                $this -> Flash -> success(__('Please check your email'));
            } else{
                $this -> Flash -> error(__('This email not extist in our data base.'));
            }
        } else {
            $this -> Flash -> error(__('It´s not email format.'));
        }
    }
}

收到这样邮件的用户：

要重新生成密码，请点击此链接：

http ://www.yourAppUrl.com/users/resetPassword/9bf31c7ff062936a96d3c8bd1f8f2ff3

现在我们进行第二步创建新密码：

查看：(Users/rest_password.ctp)

<?= $this -> Form -> create(null, ['class'=>'form-register', 'error' => false]) ?>
  <?= $this -> Flash -> render('auth') ?>
  <?= $this -> Form -> input('password', ['type' => 'password', 'label' => ['text' => __('Password')]]) ?>
  <?= $this -> Form -> input('confirm_password' , ['type' => 'password', 'label' => ['text' => __('Confirm Password')]]) ?>
  <?= $this -> Form -> button(__('Send'), ['class' => 'btn btn-lg btn-primary btn-block']) ?>
<?= $this -> Form -> end() ?>

方法：

public function resetPassword() {

    //Check if param exist and exist user with token pass
    if(isset($this -> request -> params['pass'][0]) && $this -> Users -> exists(['password_digest' => $this -> request->params['pass'][0]])) {

        if($this -> request -> is('post')) {

            //Find user with magical function by find by Password Digest 
            $user = $this -> Users -> findByPasswordDigest($this -> request -> params['pass'][0]) -> first();

            $user = $this -> Users -> patchEntity($user, $this -> request -> data);

            $user['password_digest'] = null; //Clean token in data base

            if ($this -> Users -> save($user)) {
                $this -> Flash -> success(__('The new password has been saved!, please Login now with your new password'));
                return $this -> redirect(['action' => 'login']);
            } else {
                $this -> Flash -> error(__('This is not valid password.'));
            }
        } 
    } else {
        //No param or not user with this token
        $this -> Flash -> error(__('This is not valid token.'));
        return $this -> redirect(['controller' => 'Pages', 'action' => 'home']);
    }
}

[编辑] 不要忘记添加此方法以允许无需注册：

// In AppController.php    
public function beforeFilter(Event $event) {

    //Autorized acctions without registration   
    $this -> Auth -> allow(array('forgotPassword', 'resetPassword'));
} 

或者

//In UsersController.php
public function beforeFilter(Event $event) {

    parent::beforeFilter($event);
    $this -> Auth -> allow(['forgotPassword', 'resetPassword']);
}