问题描述

所以我目前正在为一个网站设计一个忘记密码功能。基本上，当用户点击忘记密码时，它向他们发送一封包含重置令牌的电子邮件。我想让重置令牌在48小时内到期（出于安全考虑）。我如何在MySQL和PHP中做到这一点。我的表中有一列名为resetkey，当48小时结束时，我希望系统清除与用户用户名相关联的resetkey /令牌。

So I'm currently designing a Forgot Password feature for a website. Basically, when the user clicks forgot password it sends them an email with a reset token. I want the reset token to expire in 48 hours(for security reasons). How would I do this in MySQL and PHP. I have a column in my table called resetkey and when the 48 hours is up I want the system to clear the resetkey/token associated with the user's username.

谢谢！ / p>

Thanks!

推荐答案

在 resetkey 列旁边放置一个 DATETIME 列，也许，到期。

Next to your resetkey column place a DATETIME column called, maybe, expires.

然后，每当你插入一个新的复位键，还会将一个值插入到期限：

Then, whenever you insert a new reset key, also insert a value into expires:

INSERT INTO forgot (resetkey, expires) VALUES (whatever, NOW() + INTERVAL 48 HOUR)

在从表中读取任何重置密钥之前，请执行以下操作：

Right before you read any reset key from the table, do this:

DELETE FROM forgot WHERE expires < NOW()

然后你永远不会看到过期的密钥;如果他们已经过期，他们将永远被清除。

Then you'll never see an expired key; they'll always get wiped out if they have expired.

现在，您可以选择查找用户配置的重置密钥来做某事。如果过期，您可以向用户通知：您的重置密钥已过期。但是，这是一个坏主意 ...为了安全起见，您不应该帮助用户了解为什么像重置键一样的安全令牌是无效的。你应该说那个重置键不正确。

Now, you could choose to do something with looking up a user-furnished reset key. If it's expired you could announce that to the user: "Your reset key has expired." But that's a bad idea ... for security's sake you shouldn't help users understand why a security token like a reset key is invalid. You should just say "that reset key is not correct."

这篇关于MySQL如何使价值过期？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！