我有一个注册表单,它工作得很好我唯一的问题是我无法获取密码通过电子邮件发送纯文本临时密码,然后将其散列到数据库中它将密码哈希发送到数据库但密码字段在电子邮件是空白的
这是代码
$password = $_POST['password'];
$password_salt = password_hash($password, PASSWORD_BCRYPT);
现在这部分是我的问题
如果喜欢这个
$password = $_POST['password'];
$password_salt = password_hash($password, PASSWORD_BCRYPT);
$password位于电子邮件正文中
密码为空的电子邮件
所以,如果我使用这个
$password = $_POST['password'];
$password_salt = password_hash($password, PASSWORD_BCRYPT);
它使用散列密码更新数据库,但不会将纯文本发送到电子邮件,但如果我像这样添加
$password = $_POST['password'];
$password = password_hash($password, PASSWORD_BCRYPT);
然后它会将散列密码发送到数据库,但在电子邮件中密码被散列到..
我需要它生成并向电子邮件发送一个非散列密码,但密码与数据库相同。
if(isset($_POST['submit'])) {
$email = $_POST['email'];
$soldier_name = $_POST['soldier_name'];
$birthdate = $_POST['birthdate'];
$country = $_POST['country'];
if(!empty($email) && !empty($soldier_name) && !empty($birthdate) && !empty($country)) {
$email = mysqli_real_escape_string($connection, $email);
$soldier_name = mysqli_real_escape_string($connection, $soldier_name);
$birthdate = mysqli_real_escape_string($connection, $birthdate);
$country = mysqli_real_escape_string($connection, $country);
$query = "INSERT INTO soldiers (soldier_email, soldier, soldier_birthdate, soldier_country) ";
$query .= "VALUES('{$email}','{$soldier_name}', '{$birthdate}', '{$country}')";
$registration_query = mysqli_query($connection, $query);
if(!$registration_query) {
die("QUERY FAILED ". mysqli_error($connection) . ' ' . mysqli_errno($connection));
}
$email_password = $_POST['password'];
$password = password_hash($email_password, PASSWORD_BCRYPT);
$query = mysqli_query($connection, "UPDATE soldiers SET soldier_pwd='$password' WHERE soldier_email='$email'");
$from = "website <noreply@mydomain.com>";
$to = $email;
$subject = "Registration Letter";
$message = "Hooah! Soldier\n\n\n\nThank you for registering if you have received this email then you have successfully created your new account. Before you begin please follow the instructions provided below:\n\nACCOUNT DETAILS:\n\nBelow is your account information for the website, you have been issued a temporary password, please return to mydomain.com/login.php and update your account by logging in with the password below and choosing 'Change Password'.\n\n\nEmail Address: " . $to . "\nSoldier Name: " . $soldier_name . "\nPassword: " . $email_password . "\n\n\nIf you have any difficulties accessing your account you can contact us at support@mydomain.com. This message was sent from an unmonitored account. Any responses will not be read.\n\nRequest made from: ". $ip = $_SERVER['REMOTE_ADDR'];' on '. $date;
$additional_headers = "From: $from\nReply-To: $from\nContent-Type: text/plain";
mail($to, $subject, $message, $additional_headers);
$message = "Your Registration has been submitted";
} else {
$message = "Fields cannot be empty";
}
} else {
$message = "";
}
答案 0 :(得分:1)
这是一个简单的用例...只需重命名变量,这样就不会覆盖它们。
$email_password = $_POST['password'];
$password = password_hash($email_password, PASSWORD_BCRYPT);
$email_password变量。$password变量。关于your comment,您需要创建一个生成随机密码的函数this one below from this question should do:
function randomPassword($length = 5) {
$alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890';
$pass = array(); //remember to declare $pass as an array
$alphaLength = strlen($alphabet) - 1; //put the length -1 in cache
for ($i = 0; $i < $length; $i++) {
$n = rand(0, $alphaLength);
$pass[] = $alphabet[$n];
}
return implode($pass); //turn the array into a string
}
允许您简单地生成它:
$email_password = randomPassword(8);
$password = password_hash($email_password, PASSWORD_BCRYPT);