Forgot password management using php, sends secret key to associated email
http://projects.psuresh.com.np/forgot-password-php
Clone the project and keep in your local server's folder (ie. htdocs).
Create a database named 'loginmanager' and import sql file kept inside database. If you want to use your own database name, change in db_config.php file. Two tables user and forget_password are used, You can add or create these tables in your own existing database.
$host = 'localhost'; $username = 'root'; $password = ''; $database = 'loginmanager'; //your database name here
Goto localhost/forgot-password
Try making new account, forgot password and other stuffs. Password is encrypted using md5()
-
After matching the email in database,following code generates an unique key. You can change the way to generate the key.
$key=md5(time()+123456789% rand(4000, 55000000)); -
The key is stored in forget_password table
$sql_insert=mysqli_query($dbconfig,"INSERT INTO forget_password(email,temp_key) VALUES('$email_reg','$key')"); -
and sent to email as well.
mail($to, $subject, $msg, $headers) -
When user clicks on link in email, the
keyandemailare sent over server usingGETmethod and checked in theforget_passwordif the corresponding record is matched. -
From
forget_password_reset.phpfile
if(isset($_GET['key']) && isset($_GET['email'])) { $key=$_GET['key']; $email=$_GET['email']; $check=mysqli_query($dbconfig,"SELECT * FROM forget_password WHERE email='$email' and temp_key='$key'"); //if key doesnt matches if (mysqli_num_rows($check)!=1) { echo "This url is invalid or already been used. Please verify and try again."; exit; } } else{ header('location:index.php'); }
-
If key doesn't matches, redirects to index.php page (ie. login page).
-
If key matches, its takes to
forget_password_reset.phppage. After user resets the password, the key is immediately deleted from the database so that same key cannot be used again.and, password is updated.