Reset Password?

Question

BenzZz 0 Junior Poster

12 Years Ago

Hi,

I've already created registration and login scripts for my application, however i now want to include an option for registered users to reset their password if they have forgotten it and cannot log in.

As currently, passwords stored in my database are encrypted, they cannot just be emailed to the member as they would be encrypted again on login.

As a result, what i want is for the member who cannot log in to enter their email address, an email be sent to that email address containing a link that redirects the member back to the site displaying a form allowing them to reset their password.

I have never developed any code in php related to email and i am not sure how i would construct the redirect link to allow only that member to reset their password. I have looked at snippets of code for ideas but they aren't clear about the redirects.

Any help would be much appreciated!
Thanks.

email http-protocol php

4 Contributors
9 Replies
188 Views
1 Day Discussion Span
Latest Post 12 Years Ago Latest Post by BenzZz

cereal 1,524 Nearly a Senior Poster

12 Years Ago

Why don't you set a random password and send that to the user via email? That way the user will change it after he logs to his own profile.

pritaeas 2,194 ¯\_(ツ)_/¯

12 Years Ago

In addition to cereal's answer, if you send a new random password, you may want to expire it quickly to prevent the user forgetting to change it, and others hijacking it.

pritaeas 2,194 ¯\_(ツ)_/¯

12 Years Ago

You can add an expiry timestamp in your table. If it is filled with a date, then you must check it. After resetting you can set it to NULL.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

BenzZz 0 Junior Poster · Answer 1 · 2012-01-16T21:11:45+00:00

I could do that. Just trying to explore the most secure options available.

shahbaz13 0 Light Poster · Answer 2 · 2012-01-16T21:42:29+00:00

Try by send a reset password link to the user by email...

BenzZz 0 Junior Poster · Answer 3 · 2012-01-16T23:08:21+00:00

In addition to cereal's answer, if you send a new random password, you may want to expire it quickly to prevent the user forgetting to change it, and others hijacking it.

So i'm guessing i make a new random password, update the members password to this random password in the database, email it to them which allows them to log in and change their password to something they want.

How would i go about expiring that password?
I'm guessing sessions but i'm not sure how to do it.

BenzZz 0 Junior Poster · Answer 4 · 2012-01-17T16:02:55+00:00

Ah right, so to set it for a day later would it be like CURDATE()+1?
And then a condition to say if the current data/time >= timestamp, set it to null, and maybe update their password to another random one so that they have to request an email again?

pritaeas 2,194 ¯\_(ツ)_/¯ Moderator Featured Poster · Answer 5 · 2012-01-17T16:20:19+00:00

pritaeas 2,194 ¯\_(ツ)_/¯

12 Years Ago

Exactly. Am sure you can get what you want.

Edited 12 Years Ago by pritaeas because: n/a

BenzZz 0 Junior Poster · Answer 6 · 2012-01-17T16:58:01+00:00

Okay, thanks for all of the help, i understand this area a lot better now.