Home >Database >Mysql Tutorial >How to design a secure MySQL table structure to implement password reset function?
How to design a secure MySQL table structure to implement the password reset function?
In modern software development, the password reset function of user accounts has become more and more important, because the risk of password leakage of user accounts also increases. In order to protect user privacy and data security, developers need to design a safe and reliable MySQL table structure to implement the password reset function.
The following is a feasible MySQL table structure design that can help implement the password reset function:
Table name: password_reset
Column name | Type | Description |
---|---|---|
INT(11) | Primary key, auto-increment | |
INT(11) | Foreign key associated with the user table | |
VARCHAR(255) | Unique identifier for resetting the password, using a randomly generated string | |
TIMESTAMP | Validity period of reset password link | |
TIMESTAMP | Record creation time |
CREATE TABLE password_reset ( id INT(11) NOT NULL AUTO_INCREMENT, user_id INT(11) NOT NULL, token VARCHAR(255) NOT NULL, expiration_time TIMESTAMP NOT NULL, creation_time TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (id), FOREIGN KEY (user_id) REFERENCES users(id) );
function generateToken() { $length = 32; $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'; $token = ''; for ($i = 0; $i < $length; $i++) { $token .= $characters[rand(0, strlen($characters) - 1)]; } return $token; } $userId = 123; // 用户的ID $expirationTime = date('Y-m-d H:i:s', strtotime('+1 day')); // 链接的有效期为一天 $token = generateToken(); $query = "INSERT INTO password_reset (user_id, token, expiration_time) VALUES ($userId, '$token', '$expirationTime')"; // 执行SQL插入操作
$token = $_GET['token']; // 从URL参数中获取token $query = "SELECT * FROM password_reset WHERE token = '$token' AND expiration_time >= NOW()"; // 执行SQL查询操作
$newPassword = $_POST['new_password']; // 从表单中获取新密码 $hashedPassword = password_hash($newPassword, PASSWORD_DEFAULT); // 新密码进行哈希处理 $query = "UPDATE users SET password = '$hashedPassword' WHERE id = $userId"; // 执行SQL更新操作
$query = "DELETE FROM password_reset WHERE user_id = $userId"; // 执行SQL删除操作
The above is the detailed content of How to design a secure MySQL table structure to implement password reset function?. For more information, please follow other related articles on the PHP Chinese website!