问题描述
所以我目前正在为一个网站设计一个忘记密码功能。基本上,当用户点击忘记密码时,它向他们发送一封包含重置令牌的电子邮件。我想让重置令牌在48小时内到期(出于安全考虑)。我如何在MySQL和PHP中做到这一点。我的表中有一列名为resetkey,当48小时结束时,我希望系统清除与用户用户名相关联的resetkey /令牌。
So I'm currently designing a Forgot Password feature for a website. Basically, when the user clicks forgot password it sends them an email with a reset token. I want the reset token to expire in 48 hours(for security reasons). How would I do this in MySQL and PHP. I have a column in my table called resetkey and when the 48 hours is up I want the system to clear the resetkey/token associated with the user's username.
谢谢! / p>
Thanks!
推荐答案
在 resetkey
列旁边放置一个 DATETIME
列,也许,到期
。
Next to your resetkey
column place a DATETIME
column called, maybe, expires
.
然后,每当你插入一个新的复位键,还会将一个值插入到期限:
Then, whenever you insert a new reset key, also insert a value into expires:
INSERT INTO forgot (resetkey, expires) VALUES (whatever, NOW() + INTERVAL 48 HOUR)
在从表中读取任何重置密钥之前,请执行以下操作:
Right before you read any reset key from the table, do this:
DELETE FROM forgot WHERE expires < NOW()
然后你永远不会看到过期的密钥;如果他们已经过期,他们将永远被清除。
Then you'll never see an expired key; they'll always get wiped out if they have expired.
现在,您可以选择查找用户配置的重置密钥来做某事。如果过期,您可以向用户通知:您的重置密钥已过期。但是,这是一个坏主意 ...为了安全起见,您不应该帮助用户了解为什么像重置键一样的安全令牌是无效的。你应该说那个重置键不正确。
Now, you could choose to do something with looking up a user-furnished reset key. If it's expired you could announce that to the user: "Your reset key has expired." But that's a bad idea ... for security's sake you shouldn't help users understand why a security token like a reset key is invalid. You should just say "that reset key is not correct."
这篇关于MySQL如何使价值过期?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!