密码恢复asp

Posted

技术标签:

【中文标题】密码恢复asp【英文标题】:Password recovery asp 【发布时间】:2015-01-07 19:42:04 【问题描述】:

我正在请求有关忘记密码的问题。 如果用户忘记了他/她的密码,我如何在电子邮件地址中返回他/她的相同密码?我的问题是 SQL 数据库密码是加密的,我想如何检索相同的密码而不是加密。

我是这样做的:

<!-- 
    METADATA 
    TYPE="typelib" 
    UUID="CD000000-8B95-11D1-82DB-00C04FB1625D"  
    NAME="CDO for Windows 2000 Library" 
--> 

    <%
    DIM strEmail
    strEmail = Request.Form("email")

    IF strEmail <> "" THEN
    
    %>
    
    <%
    DIM objDB, rs, rssql
    Set objDB = Server.CreateObject("ADODB.Connection")
    objDB.Open "Provider=MSDASQL.1;Password=langas;Persist Security Info=True;User ID=mmsg;Data Source=mmsg_web"
    rssql = "SELECT email_addr, medacist_password FROM medacist_user WHERE email_addr = '" & strEmail & "'"
    Set rs = objDB.Execute(rssql) 


    IF rs.EOF THEN
    Response.Write "That email address was not found in our database. Please click Back on your browser and enter the email address you registered with."
    ELSE
    DIM strPassword
    set strPassword = rs("medacist_password")
    

    Set cdoConfig = CreateObject("CDO.Configuration")  
 
    With cdoConfig.Fields  
        .Item(cdoSendUsingMethod) = cdoSendUsingPort  
        .Item(cdoSMTPServer) = "10.1.1.186"  'Ongoing sever SMTP required \\'
  ''      .Item(cdoSMTPAuthenticate) = 1'
    ''    .Item(cdoSendUsername) ="<enter_username>"
    ' '   .Item(cdoSendPassword) ="<enter_password>"''
        .Update  
    End With 
 
    Set cdoMessage = CreateObject("CDO.Message")  

 
    With cdoMessage 
        Set .Configuration = cdoConfig 
        .From = "clu@medacist.com" 
        .To = strEmail 
        .Subject = "Forgotten Password" 
        .htmlBody = "Here is your password: " & strPassword 
        .Importance = 1
        .Send 
    End With 
 
    Set cdoMessage = Nothing  
    Set cdoConfig = Nothing  


    Response.Write "Your password has been sent to your email address."
    END IF

    ELSE
    Response.Write "Please click Back on your browser and enter the email address you registered with."
    END IF
    %>

<!-- "Please click below link to reset your password: <br> <a href='https://www.medacist.com/login/test_globals.asp'>Click this link to reset your password</a>"  -->

【问题讨论】:

【参考方案1】:

您不应该找回密码。

您应该生成一个长的伪随机令牌。短时间存放(例如 24 小时)。将其发送给用户(通常嵌入在 URL 中)。当用户点击电子邮件中的链接时,他们应该会得到一个允许他们设置新密码的页面(您可以使用 URL 中的令牌来识别正在更改哪个用户的密码)。

【讨论】:

感谢您的评论。你有一个伪随机令牌代码的例子吗?我是 ASP 新手,这似乎很难。

以上是关于密码恢复asp的主要内容,如果未能解决你的问题,请参考以下文章

如何不使用 ASP.Net Membership Security Question and Answer 进行自定义密码恢复?

密码恢复流程 - 将密码恢复发送到任何电子邮件?

重置 ASP.NET 密码 - 安全问题?

MongoDB忘记密码怎么恢复

路由器密码错误,恢复出厂设置还是密码错误怎么办?

pt923恢复出厂设置密码