Php password retrieval via email

Php has not written a blog for a long time after I retrieve my password through my mailbox. now I want to record some of the problems I encountered at work and record them as the most experienced ones.

-------------------- Regression subject -----------------------

Many websites, as long as they have user registration, will inevitably encounter the situation that the user forgot the password upon login. There are two common methods to retrieve the password, one is to send a text message verification code, the other method is to connect to the mailbox by sending a message. after the connection passes verification, the password reset page is displayed.

Text message authentication method. I have previously written a jsp Version. retrieve the password by text message. the idea is very simple. a 6-character verification code is generated randomly and then written to the database. the verification code is sent to the user by calling a third-party SMS interface. after the user authentication is successful, the password can be reset.

The mailbox password retrieval method is also very simple:

Email verification format: http: // ip/find_pass.php? T = md5 (username) + md5 (password) + 6 random characters

The sending interface smtp. class. php is as follows:

 debug = false;$this->smtp_port = $smtp_port;$this->relay_host = $relay_host;$this->time_out = 30; //is used in fsockopen()$this->auth = $auth; //auth$this->user = $user;$this->pass = $pass;$this->host_name = "localhost"; //is used in HELO command$this->log_file = "";$this->sock = false;}/* Main Function */function sendmail($to, $from, $subject = "", $body = "", $mailtype, $cc = "", $bcc = "", $additional_headers = "") {$mail_from = $this->get_address($this->strip_comment($from));$body = ereg_replace("(^|(\r\n))(\.)", "\1.\3", $body);$header .= "MIME-Version:1.0\r\n";if ($mailtype == "HTML") {$header .= "Content-Type:text/html\r\n";}$header .= "To: " . $to . "\r\n";if ($cc != "") {$header .= "Cc: " . $cc . "\r\n";}$header .= "From: $from<" . $from . ">\r\n";$header .= "Subject: " . $subject . "\r\n";$header .= $additional_headers;$header .= "Date: " . date("r") . "\r\n";$header .= "X-Mailer:By Redhat (PHP/" . phpversion() . ")\r\n";list ($msec, $sec) = explode(" ", microtime());$header .= "Message-ID: <" . date("YmdHis", $sec) . "." . ($msec * 1000000) . "." . $mail_from . ">\r\n";$TO = explode(",", $this->strip_comment($to));if ($cc != "") {$TO = array_merge($TO, explode(",", $this->strip_comment($cc)));}if ($bcc != "") {$TO = array_merge($TO, explode(",", $this->strip_comment($bcc)));}$sent = true;foreach ($TO as $rcpt_to) {$rcpt_to = $this->get_address($rcpt_to);if (!$this->smtp_sockopen($rcpt_to)) {$this->log_write("Error: Cannot send email to " . $rcpt_to . "\n");$sent = false;continue;}if ($this->smtp_send($this->host_name, $mail_from, $rcpt_to, $header, $body)) {$this->log_write("E-mail has been sent to <" . $rcpt_to . ">\n");} else {$this->log_write("Error: Cannot send email to <" . $rcpt_to . ">\n");$sent = false;}fclose($this->sock);$this->log_write("Disconnected from remote host\n");}return $sent;}/* Private Functions */function smtp_send($helo, $from, $to, $header, $body = "") {if (!$this->smtp_putcmd("HELO", $helo)) {return $this->smtp_error("sending HELO command");}// authif ($this->auth) {if (!$this->smtp_putcmd("AUTH LOGIN", base64_encode($this->user))) {return $this->smtp_error("sending HELO command");}if (!$this->smtp_putcmd("", base64_encode($this->pass))) {return $this->smtp_error("sending HELO command");}}if (!$this->smtp_putcmd("MAIL", "FROM:<" . $from . ">")) {return $this->smtp_error("sending MAIL FROM command");}if (!$this->smtp_putcmd("RCPT", "TO:<" . $to . ">")) {return $this->smtp_error("sending RCPT TO command");}if (!$this->smtp_putcmd("DATA")) {return $this->smtp_error("sending DATA command");}if (!$this->smtp_message($header, $body)) {return $this->smtp_error("sending message");}if (!$this->smtp_eom()) {return $this->smtp_error("sending 
 
  
   .
   
    
      [EOM]");}if (!$this->smtp_putcmd("QUIT")) {return $this->smtp_error("sending QUIT command");}return true;}function smtp_sockopen($address) {if ($this->relay_host == "") {return $this->smtp_sockopen_mx($address);} else {return $this->smtp_sockopen_relay();}}function smtp_sockopen_relay() {$this->log_write("Trying to " . $this->relay_host . ":" . $this->smtp_port . "\n");$this->sock = @ fsockopen($this->relay_host, $this->smtp_port, $errno, $errstr, $this->time_out);if (!($this->sock && $this->smtp_ok())) {$this->log_write("Error: Cannot connenct to relay host " . $this->relay_host . "\n");$this->log_write("Error: " . $errstr . " (" . $errno . ")\n");return false;}$this->log_write("Connected to relay host " . $this->relay_host . "\n");return true;;}function smtp_sockopen_mx($address) {$domain = ereg_replace("^.+@([^@]+)$", "\1", $address);if (!@ getmxrr($domain, $MXHOSTS)) {$this->log_write("Error: Cannot resolve MX \"" . $domain . "\"\n");return false;}foreach ($MXHOSTS as $host) {$this->log_write("Trying to " . $host . ":" . $this->smtp_port . "\n");$this->sock = @ fsockopen($host, $this->smtp_port, $errno, $errstr, $this->time_out);if (!($this->sock && $this->smtp_ok())) {$this->log_write("Warning: Cannot connect to mx host " . $host . "\n");$this->log_write("Error: " . $errstr . " (" . $errno . ")\n");continue;}$this->log_write("Connected to mx host " . $host . "\n");return true;}$this->log_write("Error: Cannot connect to any mx hosts (" . implode(", ", $MXHOSTS) . ")\n");return false;}function smtp_message($header, $body) {fputs($this->sock, $header . "\r\n" . $body);$this->smtp_debug("> " . str_replace("\r\n", "\n" . "> ", $header . "\n> " . $body . "\n> "));return true;}function smtp_eom() {fputs($this->sock, "\r\n.\r\n");$this->smtp_debug(". [EOM]\n");return $this->smtp_ok();}function smtp_ok() {$response = str_replace("\r\n", "", fgets($this->sock, 512));$this->smtp_debug($response . "\n");if (!ereg("^[23]", $response)) {fputs($this->sock, "QUIT\r\n");fgets($this->sock, 512);$this->log_write("Error: Remote host returned \"" . $response . "\"\n");return false;}return true;}function smtp_putcmd($cmd, $arg = "") {if ($arg != "") {if ($cmd == "")$cmd = $arg;else$cmd = $cmd . " " . $arg;}fputs($this->sock, $cmd . "\r\n");$this->smtp_debug("> " . $cmd . "\n");return $this->smtp_ok();}function smtp_error($string) {$this->log_write("Error: Error occurred while " . $string . ".\n");return false;}function log_write($message) {$this->smtp_debug($message);if ($this->log_file == "") {return true;}$message = date("M d H:i:s ") . get_current_user() . "[" . getmypid() . "]: " . $message;if (!@ file_exists($this->log_file) || !($fp = @ fopen($this->log_file, "a"))) {$this->smtp_debug("Warning: Cannot open log file \"" . $this->log_file . "\"\n");return false;;}flock($fp, LOCK_EX);fputs($fp, $message);fclose($fp);return true;}function strip_comment($address) {$comment = "\([^()]*\)";while (ereg($comment, $address)) {$address = ereg_replace($comment, "", $address);}return $address;}function get_address($address) {$address = ereg_replace("([ \t\r\n])+", "", $address);$address = ereg_replace("^.*<(.+)>.*$", "\1", $address);return $address;}function smtp_debug($message) {if ($this->debug) {echo $message . ";";}}}?>
    
   
  
 

Send the following address to the user via email

Http: // ip/find_pass.php? T = md5 (username) + md5 (password) + 6 random characters

The user checks whether the database has token = md5 (username) + md5 (password) + 6 random characters to determine whether the password can be reset. if the password reset page is successfully displayed.
The source code will be provided later.