使用加密创建基于电子邮件的密码重置功能

Question

尝试创建基于电子邮件的密码重置功能，但需要加密 URL

Change_password.php

<?php
if($_GET){
    $email=base64_decode($_GET['email']);
}
else
{
echo "Url has no user";
  }

if(isset($_POST['submit'])){
  $email=$_POST['email'];    
    $password=$_POST['password'];    

    $obj=new commands();
    $obj->update_password($email,$password);

}
?>


<form action=""  method="post" id="my_form"  class="mt-3">
   <div class="form-group">
      <label class="tags">ENTER NEW PASSWORD</label>
      <input type="text" name="email"  value="<?php echo $email;  ?>">
      <input type="password" name="password" id="password" class="form-control" autocomplete="off" placeholder="new password">
   </div>
   <div class="form-group">
      <input type="submit"  value ="submit" name="submit" class="btn btn-primary btn-block">
   </div>
</form>

forgot_password.php

<?php
if(isset($_POST['submit'])){
    $email=$_POST['email'];    
    $obj=new commands();
    $obj->forgot_passowrd($email);

}
?>



<form action=""  method="post" id="my_form"  class="mt-3">
   <div class="form-group">
      <label class="tags">EMAIL ADDRESS</label>
      <input type="email" name="email" id="email" class="form-control" autocomplete="off" placeholder="name@address.com">
   </div>
   <div class="form-group">
      <input type="submit"  value ="submit" name="submit" class="btn btn-primary btn-block">
   </div>
</form>

函数

function forgot_passowrd($email){
        $to = $email;
        $subject = "Forgot  Password";
      $url= base64_encode('/test/change_password.php?email=$email');
        $message = "
        <html>
        <head>
        <title></title>
        </head>
        <body>
        <h1>Hello Change ur password</h1>
        <a href='$url';>Change Password</>
        </body>
        </html>
        ";
        $headers = "MIME-Version: 1.0" . "\r\n";
        $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
        $headers .= 'From: <mymemail@gmail.com>' . "\r\n";
        mail($to,$subject,$message,$headers);
        header('Location: login.php?msgF=' . urlencode(base64_encode("Check Mail To Reset Password")));

    }


    function update_password($email,$password){
        $sql= $this->con->prepare("UPDATE user SET password=:password where email=:email");
        $sql->bindParam(':email', $email);
        $sql->bindParam(':password', base64_encode($password));
        $sql->execute();
        header('location:login.php');
        $this->con= null;
        header('Location: login.php?msgC=' . urlencode(base64_encode("Password Changes Succesfully")));


    }

这里我正在使用电子邮件功能向用户发送电子邮件以重置密码，并在 URL 中附加 $email。 我想加密该网址，但在加密该网址后无法访问（显然）但是有没有其他方法可以加密我的网址，因此电子邮件将不可见该网址，并且更改密码的功能仍然有效。

Answer 1

如果您想对公众隐藏电子邮件地址，您可以只加密电子邮件地址而不是整个 URL。

'/test/change_password.php?email='.encrypt($email);

然后收到follow之类的邮箱，

if($_GET){
$email=decrypt($_GET['email']);
}

希望对你有所帮助。