more details on how to create a forgot password link




A user forgot their password. How do I create a URL that leads to creating a new password,

and how is this URL generated when they click the 'forgot password' button?




combine these two answers from this related question and provide more details:



When a "forgot password" button is fired, the usual design is to ask for the email address of the client.  Then you look up that email address in the database table.  You can send the old password to the email address, and I would do that if you're not handling very sensitive data.  Or you can zero out the password, set a flag that the account is suspended, create an md5() string of the email address and the current value of time().  Store that in the "unique-Id" field of the client table.  You would send a URL that looked something like this:

http://www.example.com/reset_password.php?q=[32-byte MD5 string]

When the reset_password script runs, it will take the $_GET["q"] string and locate the row in the database with that string in the unique-Id.  Then it would produce a POST-method form asking for the email address and the new password.  The action script for the form will check the email address and the unique-Id and if everything is kosher, it will update the table with the new password.


I would recommend adding one more field to the users table named 'activation_key'. By default it's blank.

Whenever the user clicks on the Forgot Password link, update his record in the database and generate a random activation key.

On the change password page, send this activation key as a parameter. For example,
http://www.yuorsitename.com/change_password.php?activation_key=rNCyS8bD9YU0Q6LFG3tH.

And email this link to the user's email address.

So this way you can use the same page for Change Password and Forgot Password.
rgb192 Asked:
 
Ray Paseur Commented:
I believe you may be able to use a variation of the "password" script described in this article.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html?sfQueryTermInfo=1+30+login+system

The password script is the page that allows a client to change a password.  You might use that script with the following changes...

Client says, "I forgot my password, and my Email Address is --".  Look up the email address in the user table.  Send the link with the unique user key ($uuk) as a URL parameter.  When the client clicks the link, your script will find the $uuk value in the $_GET array.  Then your script would perform a SELECT to locate the client record in the user table.  When the record is found, you would put up a POST-method form with the $uuk and the row key in the hidden inputs, and two visible input controls to collect the password and the verification.  When that form is submitted, you would verify that the two hidden inputs were the same as what your script sent out (use the $_SESSION array to keep this information).  If the hidden inputs match, and the two visible inputs provide the same password, you can update the user table.  

Once that is done, you would probably want to send the client an email message notifying them that the password has been changed.
0
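The reset-link flow discussed in this thread, as an added example that is not code from the thread or from any of its participants: the token comes from random_bytes() rather than md5() of the email address and time(), only its SHA-256 digest is stored, and the link expires and works once. The users table layout, the function names, the one-hour lifetime and the use of the pdo_sqlite extension are assumptions made for the example.

```php
<?php
declare(strict_types=1);
// Added example: schema, function names and sample data are constructed.
const RESET_TTL = 3600; // seconds a link stays valid (assumed policy)

function create_reset_token(PDO $db, string $email, int $now): ?string
{
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null; // caller shows the same "check your email" page either way
    }
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    $db->prepare('UPDATE users SET reset_hash = ?, reset_expires = ? WHERE id = ?')
       ->execute([hash('sha256', $token), $now + RESET_TTL, $id]);
    return $token; // appears only in the emailed URL, never in the database
}

function redeem_reset_token(PDO $db, string $token, string $newPassword, int $now): bool
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return false; // reject anything that is not a well-formed token
    }
    $stmt = $db->prepare('SELECT id, reset_expires FROM users WHERE reset_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['reset_expires'] < $now) {
        return false; // unknown, already used, or expired
    }
    // Store the new password hashed and clear the token so the link works once.
    $db->prepare('UPDATE users SET password_hash = ?, reset_hash = NULL, reset_expires = NULL WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $row['id']]);
    return true;
}

// Constructed demo on an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT, reset_hash TEXT, reset_expires INTEGER)');
$db->exec("INSERT INTO users (email, password_hash) VALUES ('alice@example.com', '')");
$now   = time();
$token = create_reset_token($db, 'alice@example.com', $now);
echo "https://www.example.com/reset_password.php?q=$token\n";
var_dump(create_reset_token($db, 'nobody@example.com', $now));      // unknown address
var_dump(redeem_reset_token($db, $token, 'new-pass', $now + 7200)); // link past its lifetime
var_dump(redeem_reset_token($db, $token, 'new-pass', $now + 60));   // first use inside the lifetime
var_dump(redeem_reset_token($db, $token, 'other', $now + 61));      // replay of a used link
```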
 
boon86 Commented:
0
 
rgb192 Author Commented:
atique_ansari


http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_27498163.html

is a link to the 'related question'.
Was that the link you meant to put?
0
 
rgb192 Author Commented:
Latter provided the exact information I needed, while the former had a comprehensive tutorial.
0
Question has a verified solution.
