February 4, 2024 5:01 am

How to create forget password recovery procedure in PHP

A few days ago we posted a tutorial on a login and signup procedure. Today I am going to cover another element of that login procedure for PHP developers: recovering your password using email verification with an encrypted key. The demo for this article is merged with the login & signup demo.


Database Details:

database name => phpgang

table name => users

db.sql

Run this database file in your MySQL server to create the table.

CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(240) NOT NULL,
  `email` varchar(240) NOT NULL,
  `password` varchar(240) NOT NULL,
  `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;

db.php

Edit this file as per your database credentials.

<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'username');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'database');
$connection = mysqli_connect(DB_SERVER,DB_USERNAME,DB_PASSWORD,DB_DATABASE);
?>

index.php

Contains the PHP code that validates the email address, checks that the user exists, and creates an encrypted string for the password reset from the user id, with some numbers added to make it unidentifiable.

<?php
include('db.php'); // provides $connection
if(isset($_POST['action']) && $_POST['action']=="password")
{
    $email      = mysqli_real_escape_string($connection,$_POST['email']);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) // Validate email address
    {
        $message =  "Invalid email address please type a valid email!!";
    }
    else
    {
        $query = "SELECT id FROM users where email='".$email."'";
        $result = mysqli_query($connection,$query);
        $Results = mysqli_fetch_array($result);

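        if($Results) // mysqli_fetch_array() returns null when no row matches
        {
            // The key is md5 of a fixed number plus the user id, so it is the same on every request for a given user.
            $encrypt = md5(1290*3+$Results['id']);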
            $message = "Your password reset link send to your e-mail address.";
            $to=$email;
            $subject="Forget Password";
            $from = '[email protected]';
            $body='Hi, <br/> <br/>Your Membership ID is '.$Results['id'].' <br><br>Click here to reset your password http://demo.phpgang.com/login-signup-in-php/reset.php?encrypt='.$encrypt.'&action=reset   <br/> <br/>--<br>PHPGang.com<br>Solve your problems.';
            $headers = "From: " . strip_tags($from) . "\r\n";
            $headers .= "Reply-To: ". strip_tags($from) . "\r\n";
            $headers .= "MIME-Version: 1.0\r\n";
            $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";

            mail($to,$subject,$body,$headers);
        }
        else
        {
            $message = "Account not found please signup now!!";
        }
    }
}
?>

Executing this code sends an email (using the simple mail() function; you can also use SMTP) with a confirmation link that redirects you to reset.php.

reset.php

Contains the PHP code that gets the encrypted string, validates it, and shows you 2 password input boxes to enter your new password.

<?php
include('db.php');
if(isset($_GET['action']))
{
    if($_GET['action']=="reset")
    {
        $encrypt = mysqli_real_escape_string($connection,$_GET['encrypt'] ?? '');
        // The expression must match the one index.php uses to build the link.
        $query = "SELECT id FROM users where md5(1290*3+id)='".$encrypt."'";
        $result = mysqli_query($connection,$query);
        $Results = mysqli_fetch_array($result);
        if($Results) // null when no user id produces this key
        {
            // Key is valid: the form with the two password boxes is shown.
        }
        else
        {
            $message = 'Invalid key please try again. <a href="http://demo.phpgang.com/login-signup-in-php/#forget">Forget Password?</a>';
        }
    }
}
elseif(isset($_POST['action']))
{
    // The key is read back from the posted "action" field.
    $encrypt      = mysqli_real_escape_string($connection,$_POST['action']);
    $password     = mysqli_real_escape_string($connection,$_POST['password'] ?? '');
    $query = "SELECT id FROM users where md5(1290*3+id)='".$encrypt."'";

    $result = mysqli_query($connection,$query);
    $Results = mysqli_fetch_array($result);
    if($Results)
    {
        // The demo stores md5($password); password_hash() is PHP's purpose-built function for storing passwords.
        $query = "update users set password='".md5($password)."' where id='".$Results['id']."'";
        mysqli_query($connection,$query);

        $message = "Your password changed successfully <a href=\"http://demo.phpgang.com/login-signup-in-php/\">click here to login</a>.";
    }
    else
    {
        $message = 'Invalid key please try again. <a href="http://demo.phpgang.com/login-signup-in-php/#forget">Forget Password?</a>';
    }
}
else
{
    header("location: /login-signup-in-php");
    exit;
}
?>
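
The reset key above is md5 of a constant plus the user id, so it is identical on every request, never expires and is not stored anywhere, which is what several commenters below point out. As an added example (not the tutorial's code), here is the same flow with a random, expiring, single-use token stored only as a hash; it assumes PDO with in-memory SQLite so it runs stand-alone, and the password_resets table and both function names are hypothetical.

```php
<?php
// Added example: random, expiring, single-use reset tokens (not the tutorial's code).
// Assumptions: PDO with in-memory SQLite so the script runs stand-alone; the
// password_resets table and both function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE password_resets (user_id INTEGER, token_hash TEXT, expires_at INTEGER)');
$db->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
   ->execute(['alice@example.test', password_hash('old-password', PASSWORD_DEFAULT)]); // constructed sample row

// Returns the token to e-mail, or null when the address is unknown.
function createResetToken(PDO $db, string $email, int $ttl = 3600): ?string
{
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return null; // show the same "check your inbox" message either way
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, unrelated to the user id
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$id]);
    $db->prepare('INSERT INTO password_resets VALUES (?, ?, ?)')
       ->execute([$id, hash('sha256', $token), time() + $ttl]); // store only the hash
    return $token;
}

// Sets the new password if the token is known and unexpired, then deletes the token.
function redeemResetToken(PDO $db, string $token, string $newPassword): bool
{
    $stmt = $db->prepare('SELECT user_id FROM password_resets WHERE token_hash = ? AND expires_at >= ?');
    $stmt->execute([hash('sha256', $token), time()]);
    $id = $stmt->fetchColumn();
    if ($id === false) {
        return false;
    }
    $db->prepare('UPDATE users SET password = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $id]);
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$id]);
    return true;
}

$token = createResetToken($db, 'alice@example.test');
var_dump(redeemResetToken($db, $token, 'new-password'));     // first use of a fresh token
var_dump(redeemResetToken($db, $token, 'another-password')); // replay of the same token
var_dump(redeemResetToken($db, str_repeat('0', 64), 'x'));   // token that was never issued
var_dump(createResetToken($db, 'nobody@example.test'));      // unknown address
```

The same prepared statements work against the MySQL users table through a PDO MySQL connection; only the token value goes into the e-mailed link.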

jQuery is used to check that the re-entered password matches.

<script>
function mypasswordmatch()
{
    var pass1 = $("#password").val();
    var pass2 = $("#password2").val();
    if (pass1 != pass2)
    {
        alert("Passwords do not match");
        return false;
    }
    else
    {
        $( "#reset" ).submit();
    }
}
</script>

This is just an explanation of the main code; to get the complete code, please download it from here.

If you have any problem configuring this tutorial, please feel free to comment; we love to answer your queries.

Author Huzoor Bux

I am Huzoor Bux from Karachi (Pakistan). I have been working as a PHP developer for the last 5+ years, and it's my passion to learn new things and implement them as a practice. Basically I am a PHP developer, but nowadays I am exploring more in HTML5, CSS and jQuery libraries.



48 responses to “How to create forget password recovery procedure in PHP”

  1. binil billu says:

    i can’t download the source code, i am a subscribed user

  2. Shahbaz Ahmed Bhatti says:

    i Love Php Gang Team. Thank u so much Keep it up

  3. Srikanth Punuru , PMP says:

    Hello Sir, where are you saving the md5(1290*3+$Results[‘id’]) code in the user table? I don’t see any update statement in index.php.

  4. Shen Siddharta Excel says:

    @srikanthpunurupmp:disqus

    When I investigated the code, it’s not stored in the database; it just uses the md5 method to convert the field “ID” into a random number as an indicator in the reset link address, so the same user will always accept the same number of md5 random result.

  5. Ajay says:

    Nice post…love it

  6. Domboz says:

    Code isn’t work, many wrong code there

  7. Jeff Kee says:

    Overly simplified. Each md5 hash generated should be unique with a 24 hour expiry. Otherwise you can use the same reset URL over and over, potential security breach.

  8. mahesh says:

    nice tutorial sir,

    one issue sir

    how to use INC File (.inc) file in ‘ create Login and Signup System in PHP’ tutorial,

    please ask me about this

  9. cany says:

    zf2 style of forgot password where we need model, view, controler action etc

  10. Liezel Legaspi says:

    Sir i can’t download the code . i subscribed my 3 accounts still asking to subscribe help me i really really need this for my thesis. My final defense is coming i hope you can help me . If possible can you send the code in my gmail. [email protected] Thank you in Advance..

  11. sai says:

    Code isn’t work, many wrong code there

  12. بو راشد says:

    By using your code anyone can hack any account if he knows (1290*3)

  13. sk juneja says:

    I’ve used this code and it did not work properly….
    Mail couldn’t be sent…

  14. UniFreak says:

    I think there is a minor bug in the code:
    in index.php, the encryption is:
    md5(1290*3+$Results[‘id’]);
    but in reset.php, the encryption is:
    md5(90*13+id)

    The two scripts use different encryption, which seems like it will always trigger the ‘invalid key’ error message

    • UniFreak says:

      and, I think using a timestamp to make the encryption is more secure than a normal static number like 1290*3+userId

  15. Arun says:

    sir..it works fine…can you please post logout also according to this demo.

  16. Jak says:

    Hii sir, reset password link is not working for me; Can you help me?

  17. Hung Nguyen says:

    thanks

  18. Lorne Dudley says:

    I have downloaded the code and it appears to work on the surface. Signup reports successful, but Login is unsuccessful. PHPMyAdmin shows that TABLE users has zero rows, yet Signup is reported as successful. db.php contains “$connection = mysqli_connect(‘localhost’,’root’,”,’phpgang’) or die(mysqli_error($connection));”. I am running with xampp apache and sql server. Any suggestions for debugging ???

  19. Jon Kantner says:

    Not working; I get error 500 every time I click the link in the email.

  20. Dev321 says:

    I think it allows mysql injection and xss exploits.

  21. eds says:

    alert(‘hi’)

  22. bgvf says:

    Sir i have download this code when i go for forgot password ,I am not getting mail on email. can u please solve this.

  23. bgvf says:

    what can i do in email setting so that i can get mail

  24. bgvf says:

    reply plzzz

  25. ishita says:

    index page is not showing any thing on browser

  26. shivam bhatnagar says:

    what is $_POST[‘action’] & $_POST[‘password’] in reset.php

  27. zakir khan says:

    sir i only need forget password button behind code….

  28. zakir khan says:

    sir what is $_POST[‘action’]==”password” ???

  29. Nomad says:

    What shittily written code. Totally misguiding new coders and NO ELABORATION at all. A guy with an experience of “5+ years” writing code like a total newbie. Stop coding, you noob, or learn to write better coding blog posts.

  30. Tarekul Islam says:

    Really helpful

  31. Vlado Mihaylov says:

    download is not working because my e-mail is not registered, and e-mail registration on this site is not working. Please, send me the full code to [email protected], thank you in advance!

  32. chelle regala says:

    Hi I’m trying to join in this group to download the code, i was trying to make this kind of program, thank you and God bless

  33. Nida Akram says:

    hey!!!!!!! I’m trying to subscribe but unable to do that I want this code as i am working on this kind of program

  34. Rukhsana says:

    Hi there

  35. Mehdi Bounya says:

    To anyone reading this now, do not use this code!
