954,604 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
4 Months Ago
0

Reset Password?

Hi,

I've already created registration and login scripts for my application, however i now want to include an option for registered users to reset their password if they have forgotten it and cannot log in.

As currently, passwords stored in my database are encrypted, they cannot just be emailed to the member as they would be encrypted again on login.

As a result, what i want is for the member who cannot log in to enter their email address, an email be sent to that email address containing a link that redirects the member back to the site displaying a form allowing them to reset their password.

I have never developed any code in php related to email and i am not sure how i would construct the redirect link to allow only that member to reset their password. I have looked at snippets of code for ideas but they aren't clear about the redirects.

Any help would be much appreciated!
Thanks.

BenzZz
Junior Poster
116 posts since Feb 2011
Reputation Points: 10
Solved Threads: 6
 
4 Months Ago
Show Comments
1

Why don't you set a random password and send that to the user via email? That way the user will change it after he logs to his own profile.

cereal
Master Poster
710 posts since Aug 2007
Reputation Points: 214
Solved Threads: 120
 
4 Months Ago
0

I could do that. Just trying to explore the most secure options available.

BenzZz
Junior Poster
116 posts since Feb 2011
Reputation Points: 10
Solved Threads: 6
 
4 Months Ago
Show Comments
1

In addition to cereal's answer, if you send a new random password, you may want to expire it quickly to prevent the user forgetting to change it, and others hijacking it.

pritaeas
Posting Expert
Moderator
5,484 posts since Jul 2006
Reputation Points: 653
Solved Threads: 875
 
4 Months Ago
0

Try by send a reset password link to the user by email...

shahbaz13
Junior Poster in Training
52 posts since Jul 2011
Reputation Points: 10
Solved Threads: 4
 
4 Months Ago
0
In addition to cereal's answer, if you send a new random password, you may want to expire it quickly to prevent the user forgetting to change it, and others hijacking it.

So i'm guessing i make a new random password, update the members password to this random password in the database, email it to them which allows them to log in and change their password to something they want.

How would i go about expiring that password?
I'm guessing sessions but i'm not sure how to do it.

BenzZz
Junior Poster
116 posts since Feb 2011
Reputation Points: 10
Solved Threads: 6
 
4 Months Ago
Show Comments
2

You can add an expiry timestamp in your table. If it is filled with a date, then you must check it. After resetting you can set it to NULL.

pritaeas
Posting Expert
Moderator
5,484 posts since Jul 2006
Reputation Points: 653
Solved Threads: 875
 
4 Months Ago
0

Ah right, so to set it for a day later would it be like CURDATE()+1?
And then a condition to say if the current data/time >= timestamp, set it to null, and maybe update their password to another random one so that they have to request an email again?

BenzZz
Junior Poster
116 posts since Feb 2011
Reputation Points: 10
Solved Threads: 6
 
4 Months Ago
0

Exactly. Am sure you can get what you want.

pritaeas
Posting Expert
Moderator
5,484 posts since Jul 2006
Reputation Points: 653
Solved Threads: 875
 
4 Months Ago
0

Okay, thanks for all of the help, i understand this area a lot better now.

BenzZz
Junior Poster
116 posts since Feb 2011
Reputation Points: 10
Solved Threads: 6
 

This article has been dead for over three months

Post: Markdown Syntax: Formatting Help
You
View similar articles that have also been tagged:
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed