SayidCali jamac | a01f30c887
Implement email password recovery feature for LRR system

Features implemented:
- Email-based password recovery using 163.com SMTP (no VPN required)
- Secure token-based password reset with 10-minute expiration
- Improved UX with success messages in green styling
- Automatic redirect to login page after successful password reset
- Comprehensive security measures (CSRF protection, SQL injection prevention)

Technical changes:
- Added password_reset_tokens table to database schema
- Updated Script.php with password recovery logic
- Enhanced index.php and recover_password.php with success message styling
- Migrated from Gmail SMTP to 163.com SMTP for better reliability

Testing:
- All teacher-provided tests: 12/12 passed (141.63s)
- Email password recovery tests: 2/2 passed (22.55s)
- Total success rate: 100%

Security features:
- Time-limited tokens (10-minute expiration)
- Secure token generation using bin2hex(random_bytes(32))
- Foreign key constraints for data integrity
- Rate limiting considerations

Fixes: Bug #197 - Password recovery functionality
2025-05-25 06:16:14 +08:00
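The token lifecycle the commit describes (bin2hex(random_bytes(32)) generation, a 10-minute expiry, a password_reset_tokens table keyed to the user), written out as an added example that is not the project's Script.php. The column names, the SQLite demo, and the choice to store only a SHA-256 hash of the token (so a leaked table does not yield usable reset links) are assumptions of this example.

```php
<?php
// Added example, not the project's code. Assumes a table
// password_reset_tokens(user_id, token_hash, expires_at) whose user_id
// is a foreign key to the users table; names are assumptions.
const RESET_TOKEN_TTL_SECONDS = 600; // 10-minute expiration, as in the commit

/** Create a reset token for $userId; returns the raw token to e-mail once. */
function createResetToken(PDO $db, int $userId): string {
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $hash = hash('sha256', $token);              // persist the hash, never the token
    $expires = date('Y-m-d H:i:s', time() + RESET_TOKEN_TTL_SECONDS);
    // One live token per user: drop any earlier one before inserting.
    $db->prepare('DELETE FROM password_reset_tokens WHERE user_id = ?')->execute([$userId]);
    $db->prepare('INSERT INTO password_reset_tokens (user_id, token_hash, expires_at) VALUES (?, ?, ?)')
       ->execute([$userId, $hash, $expires]);
    return $token;
}

/** Validate a submitted token; returns the user id, or null. Single use. */
function consumeResetToken(PDO $db, string $token): ?int {
    if (!preg_match('/^[0-9a-f]{64}$/', $token)) {
        return null;                              // reject malformed input before any query
    }
    $hash = hash('sha256', $token);
    $stmt = $db->prepare('SELECT user_id, expires_at FROM password_reset_tokens WHERE token_hash = ?');
    $stmt->execute([$hash]);                      // prepared statement: no SQL injection
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    // Delete before the expiry check so the token can never be replayed.
    $db->prepare('DELETE FROM password_reset_tokens WHERE token_hash = ?')->execute([$hash]);
    if (strtotime($row['expires_at']) < time()) {
        return null;                              // expired
    }
    return (int) $row['user_id'];
}

// Constructed demo on an in-memory SQLite database (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE password_reset_tokens (user_id INTEGER NOT NULL, '
        . 'token_hash TEXT NOT NULL UNIQUE, expires_at TEXT NOT NULL)');
$token = createResetToken($db, 42);
var_dump(consumeResetToken($db, $token));   // first use
var_dump(consumeResetToken($db, $token));   // second use is refused
```

The lookup is by hash equality, so no constant-time comparison of the raw token is needed; the hash also means a read-only database leak gives an attacker nothing they can paste into the reset URL.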