a01f30c887
Features implemented: - Email-based password recovery using 163.com SMTP (no VPN required) - Secure token-based password reset with 10-minute expiration - Improved UX with success messages in green styling - Automatic redirect to login page after successful password reset - Comprehensive security measures (CSRF protection, SQL injection prevention) Technical changes: - Added password_reset_tokens table to database schema - Updated Script.php with password recovery logic - Enhanced index.php and recover_password.php with success message styling - Migrated from Gmail SMTP to 163.com SMTP for better reliability Testing: - All teacher-provided tests: 12/12 passed (141.63s) - Email password recovery tests: 2/2 passed (22.55s) - Total success rate: 100% Security features: - Time-limited tokens (10-minute expiration) - Secure token generation using bin2hex(random_bytes(32)) - Foreign key constraints for data integrity - Rate limiting considerations Fixes: Bug #197 - Password recovery functionality |
||
|---|---|---|
| .. | ||
| helper.cpython-39.pyc | ||
| test_email_password_recovery.cpython-39-pytest-6.2.5.pyc | ||