Hey,
first of all, thanks for the great tutorials. I've got a little request.. In addition to the User Register, Login and email activation tutorials, could you also do a tutorial on a 'forgot password' function?
Thanks in advance,
Sascha
forgot password
Re: forgot password
It's not that hard. What I do (actually haven't set this up yet) Is have the user register with an email AND username, and login with the email. The username can be used for anything like a blog or forum.
But also, if the user forgets their password, they fill out a form that take in the username and email. If they both exist in the same row in the database, use the password reset system.
If you don't hash/encrypt the password (which obviously is highly unrecomended), then you can just select the password from the datàbase and email it to the user with the mail() function. If it is encrypted, then use a fuñction to create a random string, then change update the password field in that row with the string, then have email the user with said string, instructing them to then change it.
A different check is the "security question" thing. Or anything else. You actually hypothetically don't need to perform any checks. It's just recommended (and frowned upon otherwise) that you make sure it's going to the right user. And I just prefer this username system. Makes life simpler.
Pretty easy really.
But also, if the user forgets their password, they fill out a form that take in the username and email. If they both exist in the same row in the database, use the password reset system.
If you don't hash/encrypt the password (which obviously is highly unrecomended), then you can just select the password from the datàbase and email it to the user with the mail() function. If it is encrypted, then use a fuñction to create a random string, then change update the password field in that row with the string, then have email the user with said string, instructing them to then change it.
A different check is the "security question" thing. Or anything else. You actually hypothetically don't need to perform any checks. It's just recommended (and frowned upon otherwise) that you make sure it's going to the right user. And I just prefer this username system. Makes life simpler.
Pretty easy really.
Re: forgot password
Or email a randomly generate URL with a password field telling them to change it, instead of emailing them their password. That way if someone knows your email and username they can't "change" your password.