I need to make a forgotten password system, which works like this

  • User puts email in
  • Email sent to user with a link
  • Link goes to a one time page which allows the user to change their password

I understand about php mail() but haven't got the slightest clue how to make this work.

Thanks for any help in advance!

What usually happens is that you store the email address and a generated code in a database, which you use to create the link. When the user clicks the link, he is taken to a page that verifies the code against the database.

Just remember to NEVER send out the original password with the email, if they've forgotten it then that is the way it should remain.

Either generate a new random one for them, which they should change or are forced to change at their next login or with a link to a password reset field.

Deffinatley agree with AHarris.

User would need to use a "Forgot Password (I'm stupid) Link", where user name or email is used to validate against.

This then creates a random token string whcih is emailed as part of a URL where the user is then forced to reset password.