Yii2 Forgot password operation based on email verification

The content of this article is about the forgotten password operation of Yii2 based on email verification. It has a certain reference value. Now I share it with you. Friends in need can refer to it.

I talked about sending emails before function, now we will use the email sending function to make a small demo

Let’s first sort out what process we need to perform to realize the forgotten password

1. 弹出窗口，提示用户输入用户名和邮箱。2. 验证邮箱，利用md5等等加密拼接token，发送token，当前时间戳，账户名等属性。3. 用户点击邮箱链接，到指定控制器，验证我们的token和时间是否超时。4. 如果都验证成功，则进入修改密码操作

1. If you click Forget Password, we will enter the corresponding method of the current controller.
   Verify the email and user name entered by the user. If the verification is successful, perform our send email operation

//模型文件代码
 public function seekPass($post)
    {
        $this->scenario = "seekPass";        if($this->load($post)&&$this->validate())
        {        $time = time();        $adminuser = $post['Admin']['adminuser'];        
        $token  = $this->createToken($post['Admin']['adminuser'],$time);     
        //自定义方法，创建一个唯一token
        $mailer = \Yii::$app->mailer->compose('seekpass',['text'=>'text','adminuser'=>$post['Admin']['adminuser'],'token'=>$_SERVER['HTTP_HOST'].Url::toRoute(['manage/emailchangepass'])."&timestamp=".$time."&token=".$token."&adminuser=".$adminuser]);            
        $mailer ->setFrom("1115007981@qq.com")
                    ->setTo("1115007981@qq.com")
                    ->setSubject("黑势力科技")
                    ->send();        if($mailer)            return true;
        }        return false;
    }    //拼接的邮箱地址为：

    http://web.demo.com/shop/access/backend/web/index.php?r=manage/Femailchangepass×tamp=1524052534&token=4575d5050f57baf4a896c3924d972c12&adminuser=admin

1. If we click on the spliced ​​email address, then We will enter the emailchangepass method in our manage controller, and transmit our token, time, and adminuser attributes through the GET method
   In the controller

   In the model layer, we need to write method, there is only the changepass() method. Verify that the updateAll() method is called successfully

• We need to verify the timeliness of our time. The connection fails after 5 minutes

• We need to To verify whether the token is the token we initially created

• we need to identify whether there is a POST request currently. If there is, it means that the user has entered a modified password, and you need to enter the model file to verify the password. Rules
  

   public function actionEmailchangepass(){
     $this->layout='login';       $time =  Yii::$app->request->get('timestamp');       
     $adminuser = Yii::$app->request->get('adminuser');       $token =  Yii::$app->request->get('token');       $model = new Admin();       $mytoken =  $model->createToken($adminuser,$time);       if($token!=$mytoken)
         {           $this->redirect(['public/login']);
             Yii::$app->end();
         }       if(time()-$time>300)
         {           $this->redirect(['public/login']);
             Yii::$app->end();
         }   if(Yii::$app->request->isPost)
     {       $post = Yii::$app->request->post();      if ($model->changepass($post))
        {
            Yii::$app->session->setFlash('info','密码修改成功');
        }
     }   $model->adminuser = $adminuser;   return $this->render('emailchangepass',['model'=>$model]);
  }

This ends this sharing.

I talked about the email sending function before, now we will use the email sending function to make a small demo

Let’s first understand what process we need to perform to realize the forgotten password

1. 弹出窗口，提示用户输入用户名和邮箱。2. 验证邮箱，利用md5等等加密拼接token，发送token，当前时间戳，账户名等属性。3. 用户点击邮箱链接，到指定控制器，验证我们的token和时间是否超时。4. 如果都验证成功，则进入修改密码操作

1. If you click Forgot Password, we will enter the corresponding method of the current controller.
   Verify the email and user name entered by the user. If the verification is successful, perform our send email operation

//模型文件代码
 public function seekPass($post)
    {
        $this->scenario = "seekPass";        if($this->load($post)&&$this->validate())
        {        $time = time();        $adminuser = $post['Admin']['adminuser'];        $token  = $this->createToken($post['Admin']['adminuser'],$time);     //自定义方法，创建一个唯一token
        $mailer = \Yii::$app->mailer->compose('seekpass',['text'=>'text','adminuser'=>$post['Admin']['adminuser'],'token'=>$_SERVER['HTTP_HOST'].Url::toRoute(['manage/emailchangepass'])."&timestamp=".$time."&token=".$token."&adminuser=".$adminuser]);            $mailer ->setFrom("1115007981@qq.com")
                    ->setTo("1115007981@qq.com")
                    ->setSubject("黑势力科技")
                    ->send();        if($mailer)            return true;
        }        return false;
    }    //拼接的邮箱地址为：

    http://web.demo.com/shop/access/backend/web/index.php?r=manage/Femailchangepass×tamp=1524052534&token=4575d5050f57baf4a896c3924d972c12&adminuser=admin

1. If we click on the spliced ​​email address, then We will enter the emailchangepass method in our manage controller, and transmit our token, time, and adminuser attributes through the GET method
   In the controller

   In the model layer, we need to write method, there is only the changepass() method. Verify that the updateAll() method is called successfully

• We need to verify the timeliness of our time. The connection fails after 5 minutes

• We need to To verify whether the token is the token we initially created

• we need to identify whether there is a POST request currently. If there is, it means that the user has entered a modified password, and you need to enter the model file to verify the password. Rules
  

   public function actionEmailchangepass(){
     $this->layout='login';       $time =  Yii::$app->request->get('timestamp');       $adminuser = Yii::$app->request->get('adminuser');       $token =  Yii::$app->request->get('token');       $model = new Admin();       $mytoken =  $model->createToken($adminuser,$time);       if($token!=$mytoken)
         {           $this->redirect(['public/login']);
             Yii::$app->end();
         }       if(time()-$time>300)
         {           $this->redirect(['public/login']);
             Yii::$app->end();
         }   if(Yii::$app->request->isPost)
     {       $post = Yii::$app->request->post();      if ($model->changepass($post))
        {
            Yii::$app->session->setFlash('info','密码修改成功');
        }
     }   $model->adminuser = $adminuser;   return $this->render('emailchangepass',['model'=>$model]);
  }

This ends this sharing.

Related recommendations:

yii2 resetful authorization verification

Yii2.0 PHP using Sphinx

The above is the detailed content of Yii2 Forgot password operation based on email verification. For more information, please follow other related articles on the PHP Chinese website!