November 25, 2013 8:05 am

How to create forget password recovery procedure in PHP

Few days ago we post and tutorial on login and signup procedure and today I am going to write an other element of that login procedure for PHP Developers which is recover your password using email verification with encrypted key. This article demo is merged with login & signup demo.


Database Details:

database name => phpgang

table name => users


Database file run in your MySQL to create database and add data in table.


Edit this file as per your database credentials.


Contains PHP code, check user, validate email, create encrypted string to reset password with userid and add some numbers to make it unidentified.

Execution if this code send an email (used simple mail() function you can also use SMTP) with a confirmation link which redirect you to reset.php.


Contains PHP code, get encrypted string validate it and show you 2 input password boxes and to enter your new password.

Used jQuery to match re-entered password

This is just explanation of main code to get complete code please download it from here.

If you have any problem regarding this tutorial configuration please feel free to comment we love to answer your queries.

Author Huzoor Bux

I am Huzoor Bux from Karachi (Pakistan). I have been working as a PHP Developer from last 5+ years, and its my passion to learn new things and implement them as a practice. Basically I am a PHP developer but now days exploring more in HTML5, CSS and jQuery libraries.

Tutorial Categories:
  • binil billu

    i can’t download the source code, i am a subscribed user

    • mahesh

      hello friend try again i know you do it

      • Hussain Almalki

        This code is not working. Also, what you mean by this where md5(90*13+id)='”.$encrypt.”‘” ??

  • Shahbaz Ahmed Bhatti

    i Love Php Gang Team. Thank u so much Keep it up

  • Srikanth Punuru , PMP

    Hello Sir, where are you saving md5(1290*3+$Results[‘id’]) code in user table. I don’t see any update statement in index.php,

  • Shen Siddharta Excel


    When i investigated the code, it’s not stored in database, it just use md5 method to convert field “ID” into random number as indicator in reset link address so the same user will always accept the same number of md5 random result

  • Ajay

    Nice post…love it

  • Domboz

    Code isn’t work, many wrong code there

    • huzoorbux

      Can you share some errors so we can fix them.

  • Overly simplified. Each md5 hash generated should be unique with a 24 hour expiry. Otherwise you can use the same reset URL over and over, potential security breach.

  • mahesh

    nice tutorial sir,

    one issue sir

    how to use INC File (.inc) file in ‘ create Login and Signup System in PHP’ tutorial,

    please ask me about this

  • cany

    zf2 style of forgot password where we need model, view, controler action etc

  • Liezel Legaspi
  • sai

    Code isn’t work, many wrong code there

    • huzoorbux

      Can you please explain errors so we can fix it.

  • بو راشد

    by using your code any one can hack any account if he know (1290*3)

  • sk juneja

    i’ve used this code and it is not properly worked….
    mail couldn’t be sent…

    • sk juneja

      please give me a fast reply…

  • UniFreak

    I think there is a minor bug in the code:
    in index.php, the encryption is:
    but in reset.php, the encryption is:

    two script using different encryption, seems will always triger the ‘invalid key’ error message

    • UniFreak

      and, I think using a timestamp to make the encryption is more secure than a normal static number like 1290*3+userId

  • Arun works fine…can you please post logout also according to this demo.

  • Jak

    Hii sir, reset password link is not working for me; Can you help me?

  • Hung Nguyen


  • Lorne Dudley

    I have downloaded the code and it appears to work on the surface. Signup reports successful, but Login is unsuccessful. PHPMyAdmin shows that TABLE users has zero rows, yet Signup is reported as successful. db.php contains “$connection = mysqli_connect(‘localhost’,’root’,”,’phpgang’) or die(mysqli_error($connection));”. I am running with xampp apache and sql server. Any suggestions for debugging ???

  • Jon Kantner

    Not working; I get error 500 every time I click the link in the email.

    • PHP

      try to debug code and send me exact error.

  • Dev321

    I think it allows mysql injection and xss exploits.

  • eds


  • bgvf

    Sir i have download this code when i go for forgot password ,I am not getting mail on email. can u please solve this.

  • bgvf

    what can i do in email setting so that i can get mail

  • bgvf

    reply plzzz

  • ishita

    index page is not showing any thing on browser

  • shivam bhatnagar

    what is $_POST[‘action’] & $_POST[‘password’] in reset.php

  • sir i only need forget password button behind code….

  • sir what is $_POST[‘action’]==”password” ???

  • Nomad

    What a shittly written code. Total misguiding new coders and NO ELABORATION at all. A guy with a experience of “5+ years” writing codes like a total newbie.Stop coding, you noob or learn to write better coding blog posts.

    • You have any constructive answer/solution give it otherwise your comment doesnt have a value here!