forgot password

saschaost
Posts: 1
Joined: Sun Oct 16, 2011 12:59 pm

forgot password

Post by saschaost »

Hey,

first of all, thanks for the great tutorials. I've got a little request.. In addition to the User Register, Login and email activation tutorials, could you also do a tutorial on a 'forgot password' function?

Thanks in advance,

Sascha
jacek
Site Admin
Posts: 3262
Joined: Thu May 05, 2011 1:45 pm
Location: UK

Re: forgot password

Post by jacek »

Possibly at some point, bit of a boring thing though ;)
JelvinJS7
Posts: 341
Joined: Thu May 12, 2011 8:40 pm

Re: forgot password

Post by JelvinJS7 »

It's not that hard. What I do (actually haven't set this up yet) is have the user register with an email AND username, and login with the email. The username can be used for anything like a blog or forum.
But also, if the user forgets their password, they fill out a form that takes in the username and email. If they both exist in the same row in the database, use the password reset system.
If you don't hash/encrypt the password (which obviously is highly unrecommended), then you can just select the password from the database and email it to the user with the mail() function. If it is encrypted, then use a function to create a random string, then update the password field in that row with the string, then email the user with said string, instructing them to then change it.

A different check is the "security question" thing. Or anything else. You actually hypothetically don't need to perform any checks. It's just recommended (and frowned upon otherwise) that you make sure it's going to the right user. And I just prefer this username system. Makes life simpler.

Pretty easy really.
EcazS
Posts: 789
Joined: Fri May 06, 2011 5:29 pm

Re: forgot password

Post by EcazS »

Or email a randomly generated URL with a password field telling them to change it, instead of emailing them their password. That way if someone knows your email and username they can't "change" your password.