more details on how to create a forgot password link

user forgot your password. How create a url that leads to creating a new password

and how is this url generated when they click 'forgot password' button

combine these two answers from this related question and provide more details:

When a "forgot password" button is fired, the usual design is to ask for the email address of the client.  Then you look up that email address in the data base table.  You can send the old password to the email address, and I would do that if you're not handling very sensitive data.  Or you can zero out the password, set a flag that the account is suspended, create an md5() string of the email address and the current value of time().  Store that in the "unique-Id" field of the client table.  You would send a URL that looked something like this:[32-byte MD5 string]

When the reset_password script runs, it will take the $_GET["q"] string and locate the row in the data base with that string in the unique-Id.  Then it would produce a POST-method form asking for the email address and the new password.  The action script for the form will check the email address and the unique-Id and if everything is kosher, it will update the table with the new password.

I will recommend to add one more field into users table named 'activation_key'. By default its blank.

Whenever user clicks on Forgot Password link, update his record in database and generate random activation key.

On change password page send this activation key as parameter. For example,

And email this link to user's email address.

So this way you can use same page for Change password and Forgot Password.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rgb192Author Commented:

is a link to the 'related question'
was that the link you meant to put
Ray PaseurCommented:
I believe you may be able to use a variation of the "password" script described in this article.

The password script is the page that allows a client to change a password.  You might use that script with the following changes...

Client says, "I forgot my password, and my Email Address is --".  Look up the email address in the user table.  Send the link with the unique user key ($uuk) as a URL parameter.  When the client clicks the link, your script will find the $uuk value in the $_GET array.  Then your script would perform a SELECT to locate the client record in the user table.  When the record is found, you would put up a POST-method form with the $uuk and the row key in the hidden inputs, and two visible input controls to collect the password and the verification.  When that form is submitted, you would verify that the two hidden inputs were the same as what your script sent out (use the $_SESSION array to keep this information).  If the hidden inputs match, and the two visible inputs provide the same password, you can update the user table.  

Once that is done, you would probably want to send the client an email message notifying them that the password has been changed.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
rgb192Author Commented:
Latter provided the exact information I needed, while the former had a comprehensive tutorial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.