user forgot your password. How create a url that leads to creating a new password
and how is this url generated when they click 'forgot password' button
combine these two answers from this related question and provide more details:
When a "forgot password" button is fired, the usual design is to ask for the email address of the client. Then you look up that email address in the data base table. You can send the old password to the email address, and I would do that if you're not handling very sensitive data. Or you can zero out the password, set a flag that the account is suspended, create an md5() string of the email address and the current value of time(). Store that in the "unique-Id" field of the client table. You would send a URL that looked something like this:
[32-byte MD5 string]
When the reset_password script runs, it will take the $_GET["q"] string and locate the row in the data base with that string in the unique-Id. Then it would produce a POST-method form asking for the email address and the new password. The action script for the form will check the email address and the unique-Id and if everything is kosher, it will update the table with the new password.
I will recommend to add one more field into users table named 'activation_key'. By default its blank.
Whenever user clicks on Forgot Password link, update his record in database and generate random activation key.
On change password page send this activation key as parameter. For example,
And email this link to user's email address.
So this way you can use same page for Change password and Forgot Password.