Implementing password retrieval by email
1. A system I developed recently needs to let users get a forgotten password back through their mailbox. The system now forces users to enter a mailbox at registration, so that the password can be recovered through the bound mailbox. I will not cover how to send mail from Java here; the focus is on retrieving the password.
2. Following other people's ideas: send mail → the URL in the email is requested → verify the URL → {verification succeeds: change the password; verification fails: jump to the failure page}
The point is how to generate this URL and how to parse it.
Note that a URL can be used to change the password only once, and when the same account sends multiple messages, only the URL in the last message is valid.
3. Encryption prevents forgery attacks; one URL can be verified only once and is bound to the user. Generating the URL: the random key can be generated with a UUID.
Digital signature = MD5(user name + '$' + expiration time + '$' + key)
Database fields: (user name (primary key), key, expiration time)
URL parameters: (user name, digital signature). Key generation: a key is generated for the user each time that user retrieves the password.
URL example: http://www.wechat68.com:80/cardsshok/checklink?sid=k3xhoi4o/uihh5qywbdfya==&username=123
Generate the expiration time, generate the digital signature, generate the URL, and send the message. AddU(user name, key, expiration time)
The code that uses the database is as follows:
    package com.soq.card.web.action;

    import java.sql.Timestamp;
    import java.util.List;
    import java.util.UUID;

    import org.hibernate.Criteria;
    import org.hibernate.Session;
    import org.hibernate.SessionFactory;
    import org.hibernate.criterion.Restrictions;
    import org.springframework.orm.hibernate3.HibernateTemplate;

    import com.soq.card.biz.UserHander;
    import com.soq.card.entity.Users;
    import com.soq.card.tools.DBHepler;
    import com.soq.card.tools.Mail;
    import com.soq.card.tools.MD5;
    import com.soq.card.web.base.BaseAction;

    public class PassEmailAction extends BaseAction {
        private Users users;
        private UserHander userHander;
        private String email;
        private String sid;
        private String userName;

        // Step 1: look up the account by mailbox, store a fresh key and expiry, mail the signed URL.
        public String sendMail() {
            try {
                HibernateTemplate ht = this.getUserHander().getUsersDao().getHibernateTemplate();
                SessionFactory factory = ht.getSessionFactory();
                Session session = factory.openSession();
                Criteria criteria = session.createCriteria(Users.class);
                criteria.add(Restrictions.eq("loginName", email));
                List<Users> list = criteria.list();
                if (list.size() > 0) {
                    users = list.get(0);
                    Mail mail = new Mail();
                    String secretKey = UUID.randomUUID().toString(); // key
                    Timestamp outDate = new Timestamp(System.currentTimeMillis() + 30 * 60 * 1000); // expires in 30 minutes
                    long date = outDate.getTime() / 1000 * 1000; // ignore milliseconds: MySQL drops them when the time is fetched
                    DBHepler bhepler = new DBHepler();
                    String sql = "update users set outdate=?,validatacode=? where loginname=?;";
                    String str[] = { outDate + "", secretKey, users.getLoginName() };
                    bhepler.AddU(sql, str);
                    this.getUserHander().getUsersDao().getHibernateTemplate().update(users); // save to database
                    System.out.println("username>>>>" + users.getUserName());
                    String key = users.getUserName() + "$" + date + "$" + secretKey;
                    System.out.println("key>>>" + key);
                    String digitalSignature = MD5.MD5(key); // digital signature
                    String path = this.getRequest().getContextPath();
                    String basePath = this.getRequest().getScheme() + "://" + this.getRequest().getServerName()
                            + ":" + this.getRequest().getServerPort() + path + "/";
                    String resetPassHref = basePath + "checklink?sid=" + digitalSignature
                            + "&username=" + users.getUserName();
                    // Note: the signed string (including the key) and the signature are appended to the mail body.
                    String emailContent = "Do not reply to this message. Click on the link below to reset the password<br/>"
                            + "<a href=" + resetPassHref + " target='_BLANK'>" + resetPassHref + "</a> or "
                            + "<a href=" + resetPassHref + " target='_BLANK'>Click I reset Password</a>"
                            + "<br/>tips: This message is more than 30 minutes, the link will expire, need to re-apply 'recover password'"
                            + key + "\t" + digitalSignature;
                    mail.setTo(email);
                    mail.setFrom("XX"); // your mailbox
                    mail.setHost("smtp.163.com");
                    mail.setUsername("[email protected]"); // user
                    mail.setPassword("CXXX"); // password
                    mail.setSubject("[QR Code card] to retrieve your account password");
                    mail.setContent(emailContent);
                    if (mail.sendMail()) {
                        System.out.println("sent successfully");
                        this.getRequest().setAttribute("mesg", "Reset password email has been sent, please login to reset the mailbox!");
                        return "sendMail";
                    }
                } else {
                    this.getRequest().setAttribute("mesg", "User name does not exist, you will not forget the mailbox?");
                    return "noUser";
                }
            } catch (Exception e) {
                // TODO: handle exception
                e.printStackTrace();
            }
            return null;
        }

        // Step 2: the URL in the email is requested; recompute the signature from the stored row and compare.
        public String checkResetLink() {
            System.out.println("sid>>>" + sid);
            if (sid.equals("") || userName.equals("")) {
                this.getRequest().setAttribute("mesg", "link incomplete, please regenerate");
                System.out.println(">>>>> null");
                return "error";
            }
            HibernateTemplate ht = this.getUserHander().getUsersDao().getHibernateTemplate();
            SessionFactory factory = ht.getSessionFactory();
            Session session = factory.openSession();
            Criteria criteria = session.createCriteria(Users.class);
            criteria.add(Restrictions.eq("userName", userName));
            List<Users> list = criteria.list();
            if (list.size() > 0) {
                users = list.get(0);
                Timestamp outDate = (Timestamp) users.getOutdate();
                System.out.println("outdate>>>" + outDate);
                if (outDate.getTime() <= System.currentTimeMillis()) { // already expired
                    this.getRequest().setAttribute("mesg", "Link has expired, Please re-apply to retrieve the password.");
                    System.out.println("Time-out");
                    return "error";
                }
                // Rebuild the signed string exactly as sendMail() built it.
                String key = users.getUserName() + "$" + outDate.getTime() / 1000 * 1000 + "$" + users.getValidataCode();
                System.out.println("Key link" + key);
                String digitalSignature = MD5.MD5(key); // digital signature
                System.out.println("digitalSignature>>>>" + digitalSignature);
                if (!digitalSignature.equals(sid)) {
                    this.getRequest().setAttribute("mesg", "link is incorrect, is it expired? Re-apply.");
                    System.out.println("not marked correctly");
                    return "error";
                } else {
                    // link verified: go to the change password page
                    this.getRequest().setAttribute("user", users);
                    return "success";
                }
            } else {
                this.getRequest().setAttribute("mesg", "link error, unable to find a matching user, please reapply for password recovery.");
                System.out.println("User does not exist");
                return "error";
            }
        }

        public Users getUsers() { return users; }
        public void setUsers(Users users) { this.users = users; }
        public UserHander getUserHander() { return userHander; }
        public void setUserHander(UserHander userHander) { this.userHander = userHander; }
        public String getEmail() { return email; }
        public void setEmail(String email) { this.email = email; }
        public String getSid() { return sid; }
        public void setSid(String sid) { this.sid = sid; }
        public String getUserName() { return userName; }
        public void setUserName(String userName) { this.userName = userName; }
    }
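The scheme above, as an added example that is not part of the original post: it keeps the same fields (user name, key, expiration time) and URL parameters (sid, username), but swaps MD5 of the concatenated string for HMAC-SHA256 keyed with the per-request key, compares signatures in constant time, and deletes the row on the first successful check so that a link verifies once and an earlier link stops working when a new one is issued. The class `ResetLinkDemo`, the in-memory `table` standing in for the database and all method names are assumptions for illustration (Java 16+ for `record`).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class ResetLinkDemo {
    // Hypothetical in-memory stand-in for the table (user name, key, expiration time).
    record Row(String key, long expiresAt) {}
    static final Map<String, Row> table = new ConcurrentHashMap<>();

    // HMAC-SHA256 over "userName$expiry", keyed with the per-request key (used here instead of MD5).
    static String sign(String userName, long expiresAt, String key) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        byte[] tag = mac.doFinal((userName + "$" + expiresAt).getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(tag);
    }

    // Issuing a link overwrites the stored row, so any earlier link for this user no longer verifies.
    static String issue(String userName, long now) throws Exception {
        Row row = new Row(UUID.randomUUID().toString(), now + 30 * 60 * 1000L);
        table.put(userName, row);
        return "checklink?sid=" + sign(userName, row.expiresAt(), row.key()) + "&username=" + userName;
    }

    // Succeeds at most once per issued link: the row is removed atomically on success.
    static boolean verify(String userName, String sid, long now) throws Exception {
        Row row = table.get(userName);
        if (row == null || sid == null || row.expiresAt() <= now) return false;
        byte[] expected = sign(userName, row.expiresAt(), row.key()).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, sid.getBytes(StandardCharsets.UTF_8))) return false;
        return table.remove(userName, row);
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String first = issue("123", now);   // constructed sample user name
        String second = issue("123", now);  // the same account requests a second mail
        String sidOld = first.substring(first.indexOf('=') + 1, first.indexOf('&'));
        String sidNew = second.substring(second.indexOf('=') + 1, second.indexOf('&'));
        System.out.println("link from first mail:  " + verify("123", sidOld, now));
        System.out.println("link from last mail:   " + verify("123", sidNew, now));
        System.out.println("last link, second use: " + verify("123", sidNew, now));
    }
}
```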
Retrieving a password by email in Java (reprint)