パスワードを忘れた場合のフォームで、ユーザー名をチェックし、有効な場合は一時パスワードをそのユーザーのメールアドレスに送信しています。
正常に動作しますが、ユーザー名を送信した後に、セキュリティの質問を含む別のフォームを表示するページが必要です。有効な場合は、一時パスワードを作成してメールで送信します。これまでのコードは次のとおりです。新しいフォームをどこに追加し、どこで検証すればよいのかがわかりません。
# Parse the incoming CGI request (populates the CGI_DATA array read below).
HTML::cgi_read
###############################################################
# COPY REQUEST FIELDS INTO GLOBALS
# A field that is absent from CGI_DATA becomes the empty string.
# Every value copied here is supplied by the client (form fields,
# cookie and user-agent headers), so later code must treat it as
# untrusted text: escape it before printing it into HTML and pass
# it to the database layer only as data.
###############################################################
SET_GLOBAL_VARS
foreach {cgiVarName cgiKey} {
    REMOTE_ADDR     REMOTE_ADDR
    HTTP_USER_AGENT HTTP_USER_AGENT
    COOKIE          HTTP_COOKIE
    MSG             msg
    USERNAME        username
    SECQUESTION     secquestion
    SECANSWER       secanswer
} {
    # Same catch-and-default pattern for each field; "e" receives the catch result.
    if { [catch { set $cgiVarName $CGI_DATA($cgiKey) } e] } {
        set $cgiVarName ""
    }
}
# Loop temporaries are not part of the script's globals.
unset cgiVarName cgiKey
###############################################################
# ONLY ALLOW HTML START TO HAPPEN ONCE!
# Remember: Redirects don't have HTML Start
# Meta Tags have to have it beforehand
# Cannot do both a redirect and a meta tag
###############################################################
# 0 until the HTML preamble has been emitted, 1 afterwards.
set HTMLSTARTFLAG 0

# Emit the HTML preamble via HTML::Start at most once per request.
# Later calls are no-ops, so a page never gets two preambles.
proc HTML_START { } {
    global HTMLSTARTFLAG
    # Already emitted: nothing to do.
    if {$HTMLSTARTFLAG >= 1} {
        return
    }
    HTML::Start
    set HTMLSTARTFLAG 1
}
###############################################################
# START OF SCRIPT
###############################################################
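# Forgot-password handler.
#   username submitted -> look the account up, issue a temporary password,
#                         store it and mail it, then redirect.
#   no username        -> print the username form plus any status message.
if {$USERNAME ne ""} {
    ################################
    # Look up the submitted username
    ################################
    # NOTE(review): USERNAME is raw request input. InfxGetLogin is not visible
    # here; confirm it binds the value as a query parameter rather than
    # building SQL text from it.
    set queryresult1 [InfxGetLogin $USERNAME]
    # A first comma-separated field containing "error" is treated as a DB
    # failure: log it and go back to the login page.
    if { [regexp -nocase "error" [lindex [split $queryresult1 ,] 0] ] } {
        set junk [InfxInsertLoginHistory $USERNAME "ForgotPassword" "$REMOTE_ADDR|$HTTP_USER_AGENT" "Error"]
        Redirect_Login "DB Error, Please try again."
        exit
    }
    # Columns of the first result row that this script uses.
    set row        [lindex $queryresult1 0]
    set login      [lindex $row 0]
    set locked     [lindex $row 4]
    set dbquestion [lindex $row 5]
    set dbanswer   [lindex $row 6]
    set emailTo    [lindex $row 7]
    set userId     [lindex $row 8]
    ################################
    # Validate user info
    ################################
    # NOTE(review): the distinct "Login Does Not Exist" / "Account is Locked"
    # replies tell the requester which usernames exist. One generic reply for
    # every outcome avoids that; the history log can keep the detail.
    if {$login eq ""} {
        set junk [InfxInsertLoginHistory $USERNAME "ForgotPassword" "$REMOTE_ADDR|$HTTP_USER_AGENT" "DoesNotExist"]
        Redirect_LoginForgotPass "Login Does Not Exist"
        exit
    }
    # Locked accounts are not expected here; if the page was opened directly,
    # log it and send the user away.
    if {$locked eq "t"} {
        set junk [InfxInsertLoginHistory $login "ForgotPassword" "$REMOTE_ADDR|$HTTP_USER_AGENT" "AcctLocked"]
        Redirect_LoginForgotPass "Account is Locked"
        exit
    }
    # NOTE(review): dbquestion/dbanswer are read but never checked, so a valid
    # username alone resets that account's password. The security-question
    # step belongs here, before InfxResetUserPassword: compare SECANSWER with
    # dbanswer on the server for the account looked up in this request, and
    # record and limit failed attempts.
    ################################
    # Create temporary password
    # Six alphanumeric characters taken from OS-provided random bytes.
    # The previous value was RC4 of a constant string keyed with the current
    # time in seconds, so it could be recomputed by anyone who knew roughly
    # when the reset was requested.
    # NOTE(review): six characters is short; lengthen it if the password
    # column and login form allow, and expire the temporary password.
    ################################
    set pass ""
    set rnd ""
    if { [catch {
        set rnd [open /dev/urandom r]
        fconfigure $rnd -translation binary
        # Keep drawing until enough characters survive the alphanumeric filter.
        while {[string length $pass] < 6} {
            set chunk [::base64::encode [read $rnd 32]]
            regsub -all {[^a-zA-Z0-9]} $chunk "" chunk
            append pass $chunk
        }
        close $rnd
    } e] } {
        # No secure random source: fail closed instead of issuing a guessable password.
        catch {close $rnd}
        set junk [InfxInsertLoginHistory $login "ForgotPassword" "$REMOTE_ADDR|$HTTP_USER_AGENT" "Error"]
        Redirect_LoginForgotPass "Error, Please try again."
        exit
    }
    set pass [string range $pass 0 5]
    ################################
    # Update DB w/ temporary password
    ################################
    set result [InfxResetUserPassword $userId $pass]
    if { $result ne "ok" } {
        set junk [InfxInsertLoginHistory $login "ForgotPassword" "$REMOTE_ADDR|$HTTP_USER_AGENT" "Error"]
        Redirect_LoginForgotPass "DB Error, Please try again."
        exit
    }
    # NOTE(review): emailFrom, emailSubj and emailMsg are not set anywhere in
    # this block (presumably SET_GLOBAL_VARS or code not shown - confirm).
    # NOTE(review): the hard-coded test@test.com recipient receives a copy of
    # every reset mail; if the message carries the temporary password, remove
    # that address before this runs in production.
    set result "ERROR"
    set result [HTML::mail "test@test.com $emailTo" "$emailFrom" "$emailSubj" "$emailMsg"]
    ################################
    # Go back to login screen on success
    ################################
    if { $result == "0" } {
        Redirect_Login "Password Changed and Email Sent"
        exit
    } else {
        # The password was already changed in the DB at this point.
        set junk [InfxInsertLoginHistory $login "ForgotPassword" "$REMOTE_ADDR|$HTTP_USER_AGENT" "EmailError"]
        Redirect_LoginForgotPass "Error Sending Email"
        exit
    }
} else {
    ################################
    # Initial display of username form
    ################################
    HTML_START
    puts {
<head>
<link rel="stylesheet" type="text/css" href="css/login.css" type="text/css">
<script type="text/javascript" src="js/login.js"></script>
<title> Services</title>
</head>
<body>
<br><br>
<img src="images/.gif" />
<br><br><br>
<div id="login">
<form onsubmit="return validate_login_username(this)" action="login_forgotpw.cgi" method="post">
<table cellpadding="0" cellspacing="0">
<tr>
<th colspan="2"> Password Reset</th>
</tr>
<tr>
<td><label>Username:</label></td>
<td><input name="username"></input></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Submit"></input></td>
</tr>
</table>
</form>
</div>
}
    # MSG is the request's "msg" parameter. HTML-escape it so it is shown as
    # text and cannot inject markup or script into the page.
    set safeMsg [string map [list & "&amp;" < "&lt;" > "&gt;" \" "&quot;" ' "&#39;"] $MSG]
    puts " <h3 class=\"errormessage\">$safeMsg</h3>"
    exit
}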
これはフォームです。できれば同じページに追加して検証したいと思います。
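# Second-step form fragment: prints the account's security question and posts
# the typed answer back to login_forgotpw.cgi as "secanswer".
# NOTE(review): the form posts only secanswer, so the handler cannot tell which
# account the answer is for. Keep that association on the server (or look the
# account up again and re-validate it) rather than trusting a client-supplied
# field, and compare the answer with the stored one on the server only.
# dbquestion comes from the database row; if users can choose their own
# question it is user-supplied text, so it is HTML-escaped before output.
set safeQuestion [string map [list & "&amp;" < "&lt;" > "&gt;" \" "&quot;" ' "&#39;"] $dbquestion]
puts "<form action='login_forgotpw.cgi' method='post'>"
puts "<td><label><b>Security Question : </b></td><td>$safeQuestion ?</label></td></tr>"
puts "<tr>"
puts "<td><label><b>Answer:</b></td><td><input type='text' name='secanswer'></input></td>"
puts "<td><input type='submit' value='Submit'></input></td>"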