Functionality thrice, not four steps

I am using EZ Publish CMS:

What is currently happening:

  • On the page with password entries, the user enters the email address that they used to register and sends it

  • The user receives an email with a password generation link that uses a hash to verify their identity.

  • The user receives an email with the password just generated

  • The user returns to the site using the link from their email, which takes them to a form that asks for the old password (which was just generated and sent to their email) and for a new password.

What I want:

  • On the forgotten password page, the user enters the email address that they used to register and sends it

  • The user receives an email with a link to the "enter new password" form

  • In the "enter a new password" form, the user does not need to enter the old password, since the authentication has already been confirmed by the hash and therefore you only need to enter the new password.

I am using the EZMBPAEX extension, which has the original 4-step process. There seems to be no documentation or discussion about deleting the “email user with new password” step, but my client has very strong passwords without sending email, so I can't bend it.

Does anyone know where I can find documentation on how to edit this functionality?

, , , :
/extension/ezmbpaex/modules/userpaex/forgotpassword.php


, , .


, , 32 , ,

, db

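    function genRandomString() {
        $length = 32;
        $characters = "0123456789abcdefghijklmnopqrstuvwxyz";
        $string = "";
        for ($p = 0; $p < $length; $p++) {
            // random_int() draws from the OS CSPRNG; mt_rand() output is
            // predictable and must not be used for reset keys.
            $string .= $characters[random_int(0, strlen($characters) - 1)];
        }

        return $string;
    }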

, php myAdmin, forget_passes, , ,

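    $key = genRandomString(); // assign random code
    // Assumes $db is a PDO connection; bound parameters keep $email out of the SQL text.
    $assign = $db->prepare("INSERT INTO `YOUR_DB_NAME`.`forgotten_pass` (`email`, `randomKey`, `time`)
        VALUES (?, ?, CURRENT_TIMESTAMP)");
    $assign->execute([$email, $key]);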

, resetpassword.php(, , get, ,

www.yourdomain.com/pass_reset.php(ADD? secretkey = THE_GENERATED_HERE)

, , reset , - :

, , reset /

: http://www.yourdomain.com/pass_reset.php?secretKey=a12s236d5c8d4fkejus10a1s2d4c8741

, , sql, , , , :

    <?php
    // Assumes $db is a PDO connection and $The_User_Email is already set.
    $row = false;
    if (isset($_GET['secretKey']) && is_string($_GET['secretKey'])) {
        $secretKey = $_GET['secretKey'];

        // Check whether it really exists in the database; bound parameters
        // keep the request value out of the SQL text.
        $sql = $db->prepare('SELECT * FROM forgotten_pass WHERE email = ? AND randomKey = ?');
        $sql->execute([$The_User_Email, $secretKey]);
        $row = $sql->fetch();
    }

, , , , , .

:

    if ($row !== false) {
        echo "Success, ";
    ?>
    <!-- in this part type the html code which displays two inputs text, password
         and confirm password that connect to database and update the user password -->

    <form method="post" action="passupdate.php">
    <input type="password" name="password" value=""/>
    <input type="password" name="confirmedPassword" value=""/>
    <input type="submit" value="Save my new password">
    </form>
    <?php

    } else {

        echo "Sorry, invalid reset link";

    }
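The flow the question asks for (emailed link, then a new-password form with no old password), sketched as an added example that is not code from either answer or from eZ Publish / ezmbpaex. It goes beyond the answer's snippet by storing only a hash of the key, expiring it, and making it single-use; the function names, the `token_hash` and `expires` columns, the `users` table and the one-hour lifetime are assumptions, and the demo needs PHP 7+ with `pdo_sqlite`.

```php
<?php
// Added example: table, column and function names are hypothetical.
const TOKEN_TTL = 3600; // seconds a reset link stays valid (assumed policy)

function createResetToken(PDO $db, string $email): string {
    $token = bin2hex(random_bytes(16));          // 32 hex chars from the CSPRNG
    // One outstanding link per address: drop any older one first.
    $db->prepare('DELETE FROM forgotten_pass WHERE email = ?')->execute([$email]);
    $db->prepare('INSERT INTO forgotten_pass (email, token_hash, expires) VALUES (?, ?, ?)')
       ->execute([$email, hash('sha256', $token), time() + TOKEN_TTL]);
    return $token;                                // goes into the emailed link only
}

function redeemResetToken(PDO $db, string $token, string $newPassword): bool {
    // Only the SHA-256 of the key is stored, so a leaked table yields no usable links.
    $stmt = $db->prepare('SELECT email, expires FROM forgotten_pass WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;                             // unknown or already used link
    }
    // Single use: delete the row whether or not it has expired.
    $db->prepare('DELETE FROM forgotten_pass WHERE email = ?')->execute([$row['email']]);
    if ((int)$row['expires'] < time()) {
        return false;                             // expired link
    }
    $db->prepare('UPDATE users SET password_hash = ? WHERE email = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $row['email']]);
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT)');
$db->exec('CREATE TABLE forgotten_pass (email TEXT, token_hash TEXT, expires INTEGER)');
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice@example.com', password_hash('old password', PASSWORD_DEFAULT)]);

$token = createResetToken($db, 'alice@example.com');
var_dump(redeemResetToken($db, $token, 'new passphrase'));   // first use of the link
var_dump(redeemResetToken($db, $token, 'another one'));      // replayed link
var_dump(redeemResetToken($db, str_repeat('0', 32), 'x'));   // guessed key
```

In a real form handler the key would travel from the link into a hidden field of the new-password form, so that the POST target can call `redeemResetToken()` with it.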
