User System Reset Password

Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Post by Temor »

*Note* You might want to take a look at the Email Activation Extension for this tutorial that Jacek did before doing this if you're feeling insecure.

Creating a forgot password page for your user system website is really quite easy.
First off, start by creating a new page. I called mine "forgot_password.php".

This page will contain a form in which the user submits his or her email address.
If we use email as the input type, the form will automatically check if the submitted string is a valid email address and will return an error if it is not.
The placeholder attribute adds the grey text inside the box that disappears when you type something.
[syntax=xhtml]
<form action="" method="post">
<input type="email" name="email" placeholder="email" />
<input type="submit" />
</form>[/syntax]

We will need to validate this email address to see if there is a user registered with that email. To do this we create a new function in our user.inc.php file.
[syntax=php]
<?php
// Returns true if exactly one user is registered with the given email.
function email_exists($email){
    $email = mysql_real_escape_string($email);

    $total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `email` = '{$email}' ");

    return (mysql_result($total, 0) == '1');
}
?>[/syntax]

We can now call this function from our forgot_password.php page, but before we can do that we need to check if the form has been submitted and that it isn't empty. You should know how to do this already seeing as it uses the same methods previously used in this tutorial.
[syntax=php]
<?php
// Only run the checks once the form has been submitted.
if(isset($_POST['email'])){
    $errors = array();

    if(empty($_POST['email'])){
        $errors[] = 'You need to enter an email address';
    }else{
        if(email_exists($_POST['email']) === false){
            $errors[] = 'There is no user with that email address';
        }
    }
}

?>[/syntax]

Now that we have this out of the way, we can start working on the actual password reset function.
Go back into user.inc.php and create a new function.
[syntax=php]
<?php

function new_password($email){

}

?>[/syntax]

What we need to do first is create a new random password. There are a million and a half ways to create a random string, so feel free to use whichever you like. I will not go into depth on how to do this here.
I will use the same method Jacek uses in his Email Activation Extension tutorial.
[syntax=php]
<?php
function new_password($email){
    $email = mysql_real_escape_string($email);

    // Pick 15 keys from the a-z, A-Z, 0-9 character set and join them.
    $charset = array_flip(array_merge(range('a','z'), range('A','Z'), range(0, 9)));
    $new_password = implode('', array_rand($charset,15));

}

?>
[/syntax]
Next up we have to actually reset the user's password. To do that we run an UPDATE query to update the password and set it to our new random string.
[syntax=php]
<?php
function new_password($email){
    $email = mysql_real_escape_string($email);

    $charset = array_flip(array_merge(range('a','z'), range('A','Z'), range(0, 9)));
    $new_password = implode('', array_rand($charset,15));

    // Overwrite the stored password for the account with this email.
    $sql = "UPDATE
                `users`
            SET
                `password` = '{$new_password}'
            WHERE
                `email` = '{$email}' ";

    mysql_query($sql);

}

?>[/syntax]

The next thing to do would be to send the new password to the user's email address. To do this we use the mail() function.

[syntax=php]
<?php
function new_password($email){
    $email = mysql_real_escape_string($email);

    $charset = array_flip(array_merge(range('a','z'), range('A','Z'), range(0, 9)));
    $new_password = implode('', array_rand($charset,15));

    $sql = "UPDATE
                `users`
            SET
                `password` = '{$new_password}'
            WHERE
                `email` = '{$email}' ";

    mysql_query($sql);

    // Heredoc body and closing marker stay at column 0.
    $body = <<<EMAIL
Here is your new password!
{$new_password}

EMAIL;

    mail($email,'Your new password',$body,'From: email@website.com');

}

?>[/syntax]

For more detailed instructions on how to use the mail() function, go check out Jacek's email activation tutorial or php.net.

Now that our function is complete, we will call it from our forgot_password.php page if the $errors array is empty.
[syntax=php]
<?php
if(isset($_POST['email'])){
    $errors = array();

    if(empty($_POST['email'])){
        $errors[] = 'You need to enter an email address';
    }else{
        if(email_exists($_POST['email']) === false){
            $errors[] = 'There is no user with that email address';
        }
    }

    if(empty($errors)){
        new_password($_POST['email']);
        // Escape the submitted address before echoing it back into the page.
        echo 'Your new password has been sent to ' . htmlspecialchars($_POST['email'], ENT_QUOTES, 'UTF-8');
    }
}

?>[/syntax]

Now all you have to do is add a link to forgot_password.php from your login page.
[syntax=xhtml]<a href="forgot_password.php"> Forgot your password? </a>[/syntax]


To allow the user to change the password you pretty much just need to copy paste some code you've already written.
Update password with a $_POST value where username = $username, or id = $id or email = $email. Use your imagination! :)
( I might add this part in later if requested )


I wish to apologize if I riddled this tutorial with typos and I hope that the main point of the tutorial came across.
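
An added example, not part of Temor's post or the tutorial series: a reset flow that mails a single-use, expiring token instead of overwriting the password straight away, stores only the token's hash, and gives the same response whether or not the address is registered. It uses PDO and PHP 7+ functions rather than the tutorial's mysql_* calls; the reset_hash and reset_expires columns, both function names and the reset.php URL are assumptions.

```php
<?php
// Added example. Assumed names: users.reset_hash, users.reset_expires,
// request_reset(), complete_reset() and reset.php are not from the tutorial.

function request_reset(PDO $pdo, string $email): ?string {
    $token = bin2hex(random_bytes(32));   // 256-bit token from the CSPRNG
    $stmt = $pdo->prepare(
        'UPDATE users SET reset_hash = ?, reset_expires = ? WHERE email = ?');
    $stmt->execute([hash('sha256', $token), time() + 3600, $email]);
    // null when no row matched; the caller shows the same message either way.
    return $stmt->rowCount() === 1 ? $token : null;
}

function complete_reset(PDO $pdo, string $token, string $new_password): bool {
    // Look up by the token's hash, so the table never holds a usable token.
    $stmt = $pdo->prepare(
        'UPDATE users SET password = ?, reset_hash = NULL, reset_expires = NULL
          WHERE reset_hash = ? AND reset_expires >= ?');
    $stmt->execute([password_hash($new_password, PASSWORD_DEFAULT),
                    hash('sha256', $token), time()]);
    return $stmt->rowCount() === 1;       // single use: the hash is cleared above
}

// Constructed demo data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, email TEXT UNIQUE,
            password TEXT, reset_hash TEXT, reset_expires INTEGER)');
$pdo->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
    ->execute(['alice@example.test', password_hash('old-password', PASSWORD_DEFAULT)]);

foreach (['alice@example.test', 'nobody@example.test'] as $email) {
    $token = request_reset($pdo, $email);
    if ($token !== null) {
        // A real page would mail() this link instead of printing it.
        echo "Mail to {$email}: https://example.test/reset.php?token={$token}\n";
    }
    echo "Response: If that address is registered, a reset link has been sent.\n";
}

// The token works once; replaying it fails because the hash was cleared.
$token = request_reset($pdo, 'alice@example.test');
var_dump(complete_reset($pdo, $token, 'a new passphrase'));
var_dump(complete_reset($pdo, $token, 'second attempt'));
```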
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK

Re: User System Reset Password

Post by jacek »

8-) 8-)
Z645
Posts: 33
Joined: Thu Jul 26, 2012 5:08 pm

Re: User System Reset Password

Post by Z645 »

You have quite a bit of missing errors in there. Ex: Missing ")" in line 14 on forgot_password.php.
[syntax=php]EMAIL;
mail($email,'Your new password', $body, 'From: Admin@zirber.comlu.com');[/syntax]
Had extra spaces

And more I didn't list. Lol. :ugeek:
Temor
Posts: 1186
Joined: Thu May 05, 2011 8:04 pm

Re: User System Reset Password

Post by Temor »

Well, I did write everything in-browser and I never checked if it actually ran okay, seeing as you're not supposed to copy&paste this but rather learn the principles and then try it for yourself.