问题描述:

My way of letting the user retrieve his password when he forgot it is via answering his security question, and when he got it right, it will echo his password. Everything's working, except when I start to click the view password button.

I know it isn't advisable to post much code, but I think you need to see everything in order to understand what is wrong because I too cannot figure it out. Thank you in advance for those who will help me :)

EDIT: So I will do it in a safest way, that's why I deleted my code. I have a new and maybe more "solvable" question. Sir Jay asked me to post it.

This is my register page.

<form method="post" class="form-horizontal" action="signup.php">

<input type="text" class="form-control" name="username" id="username" placeholder= "username">

<input type="password" class="form-control" name="password" id="password" placeholder="password">

</from>

My sign_up.php

if(isset($_POST['submit']))

{

$username = $conn->real_escape_string(trim($_POST['username']));

$password = $conn->real_escape_string(trim($_POST['password']));

$new_password = password_hash($password, PASSWORD_DEFAULT);

$query = "INSERT INTO pending(username, password) VALUES('$username','$new_password')";

}

It's in the table pending because it requires admin's confirmation. and when the admin confirmed his request, data will go to users table. And in my login, different page will redirect depends on the position of the user whether he's member or batch-president.

网友答案:

The very logic of sending somebody their password upon forgetting it is flawed.

Consider this: They forgot their password. There is no need to send them the same password as it makes no difference, at this moment in time, what password they used in the first place. Either way, they've forgotten it. Whether you send them a new one or the old one makes no difference to the end-user requesting it. 'Cause really, they're not requesting a new password so much as they're requesting any/which/way to just login to your system. Password, no password, they don't care. Just give them an option to login now that they no longer can.

Instead, because you should never store plain-text passwords in the database, simply offer them a new password (pass-phrase*) to enter when they login again. A password-reset, so-to-speak. Then offer them the chance to change that newly appointed password upon logging in successfully should they choose to do so.

I know this might not directly assist you in your current issue at hand, but consider it a good piece of logic when developing new systems with regards to password-retrieval/forgotten passwords.

*A passphrase is something that's easy to remember, yet when done correctly, also has significant entropy. It's a natural grouping of words that form a phrase. Sending a user a new password like [email protected]!&O$$,[email protected] is ridiculous. Nobody remembers that. Not even for 10 seconds. But if you offer them a randomized, one-off, passphrase like red friendly monkey plays soccer yesterday (I just thought that one up!) then that's rather easy to remember. It has significant entropy, and is good to at least get the user logged in. You can then force them to change it if you so desire, according to the regulations you've bestowed upon your access logic.

Of course there are other methods aside from new passwords and passphrases that require tokens and such, which automagically log the user in without the need for them to enter a new password/passphrase. They are simply prompted to create a new password within the reset process. But that's another case and I'm outta time.

相关阅读:
Top