How to use PHP to implement password retrieval function

How to use PHP to implement password retrieval function

Passwords are an important means of protection in our online lives, but sometimes we may forget them, especially when we have many In the case of an online account. In order to help users retrieve their passwords, many websites provide password retrieval functions. This article will introduce how to use PHP to implement the password retrieval function and provide relevant code examples.

1. Create database table

First, we need to create a database table to store user-related information, including user name, email and temporary token for password retrieval, etc. wait. Here is a sample SQL statement to create this table:

CREATE TABLE users (
    id INT AUTO_INCREMENT PRIMARY KEY,
    username VARCHAR(255) NOT NULL,
    email VARCHAR(255) NOT NULL,
    password_hash VARCHAR(255) NOT NULL,
    reset_token VARCHAR(255),
    reset_token_expiration DATETIME
);

2. User request to reset password

When a user forgets their password, they can use it when registering email to request a password reset. We need to create a page to receive the email address entered by the user and process the user's request.

<?php

// 处理重置密码请求
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = $_POST['email'];

    // 验证邮箱是否存在于数据库
    $query = "SELECT * FROM users WHERE email = :email";
    $stmt = $pdo->prepare($query);
    $stmt->execute(['email' => $email]);

    $user = $stmt->fetch();

    if (!$user) {
        // 邮箱不存在
        echo "该邮箱未注册账号，请重新输入！";
    } else {
        // 生成重置令牌
        $resetToken = bin2hex(random_bytes(32));
        $resetTokenExpiration = date('Y-m-d H:i:s', strtotime('+1 hour'));

        // 更新数据库中的用户信息
        $updateQuery = "UPDATE users SET reset_token = :reset_token, reset_token_expiration = :reset_token_expiration WHERE email = :email";
        $updateStmt = $pdo->prepare($updateQuery);
        $updateStmt->execute([
            'reset_token' => $resetToken,
            'reset_token_expiration' => $resetTokenExpiration,
            'email' => $email
        ]);

        // 发送重置密码链接到用户邮箱
        $resetUrl = "http://example.com/reset-password.php?token=" . $resetToken;
        // 发送邮件的代码
        // ...
        echo "请检查您的邮箱，我们已向您发送了密码重置链接！";
    }
}
?>

<html>
<head>
    <title>密码找回</title>
</head>
<body>
    <form method="post" action="">
        <input type="email" name="email" placeholder="请输入注册时使用的邮箱">
        <button type="submit">找回密码</button>
    </form>
</body>
</html>

3. Reset password page

Next, we need to create a reset password page, receive the link with the reset token, and verify the token effectiveness.

<?php

// 处理重置密码请求
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $password = $_POST['password'];
    $passwordConfirm = $_POST['password_confirm'];
    $resetToken = $_POST['token'];

    if ($password !== $passwordConfirm) {
        echo "两次输入的密码不一致！";
    } else {
        // 查询具有匹配重置令牌的用户
        $query = "SELECT * FROM users WHERE reset_token = :reset_token AND reset_token_expiration >= NOW()";
        $stmt = $pdo->prepare($query);
        $stmt->execute(['reset_token' => $resetToken]);

        $user = $stmt->fetch();

        if (!$user) {
            // 令牌无效或已过期
            echo "重置令牌无效或已过期！请重新请求重置密码。";
        } else {
            // 更新用户密码并清除重置令牌
            $passwordHash = password_hash($password, PASSWORD_DEFAULT);

            $updateQuery = "UPDATE users SET password_hash = :password_hash, reset_token = NULL, reset_token_expiration = NULL WHERE id = :id";
            $updateStmt = $pdo->prepare($updateQuery);
            $updateStmt->execute([
                'password_hash' => $passwordHash,
                'id' => $user['id']
            ]);

            echo "密码重置成功！";
        }
    }
}
?>

<html>
<head>
    <title>重置密码</title>
</head>
<body>
    <form method="post" action="">
        <input type="password" name="password" placeholder="请输入新密码">
        <input type="password" name="password_confirm" placeholder="请确认新密码">
        <input type="hidden" name="token" value="<?php echo $_GET['token']; ?>">
        <button type="submit">重置密码</button>
    </form>
</body>
</html>

The above are the basic steps and code examples for using PHP to implement the password retrieval function. This way, users can reset their password via the email they signed up with, and we use reset tokens to keep this process secure. Of course, this is just a basic implementation, and you can extend and improve the functions according to your own needs.

The above is the detailed content of How to use PHP to implement password retrieval function. For more information, please follow other related articles on the PHP Chinese website!