How to create a forgot-password recovery procedure in PHP
A few days ago we posted a tutorial on the login and signup procedure, and today I am going to write about another element of that login procedure for PHP developers: recovering your password using email verification with an encrypted key. This article's demo is merged with the login & signup demo.
Database Details:
database name => phpgang
table name => users
db.sql
Run this database file in your MySQL to create the database and add data to the table.
CREATE TABLE `users` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `name` varchar(240) NOT NULL,
  `email` varchar(240) NOT NULL,
  `password` varchar(240) NOT NULL,
  `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
db.php
Edit this file as per your database credentials.
<?php
define('DB_SERVER', 'localhost');
define('DB_USERNAME', 'username');
define('DB_PASSWORD', 'password');
define('DB_DATABASE', 'database');
$connection = mysqli_connect(DB_SERVER, DB_USERNAME, DB_PASSWORD, DB_DATABASE);
?>
index.php
Contains the PHP code that checks the user, validates the email, and creates an encrypted string for the password reset from the user ID plus some numbers to make it unidentifiable.
<?php
include('db.php'); // provides $connection

if (isset($_POST['action']) && $_POST['action'] == "password") {
    $email = mysqli_real_escape_string($connection, $_POST['email']);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) { // Validate email address
        $message = "Invalid email address please type a valid email!!";
    } else {
        $query = "SELECT id FROM users where email='" . $email . "'";
        $result = mysqli_query($connection, $query);
        $Results = mysqli_fetch_array($result); // null when no account matches
        if ($Results) {
            // Reset key: MD5 of a fixed number plus the user id
            $encrypt = md5(1290*3 + $Results['id']);
            $message = "Your password reset link send to your e-mail address.";
            $to = $email;
            $subject = "Forget Password";
            $from = '[email protected]';
            $body = 'Hi, <br/> <br/>Your Membership ID is '.$Results['id'].' <br><br>Click here to reset your password http://demo.phpgang.com/login-signup-in-php/reset.php?encrypt='.$encrypt.'&action=reset <br/> <br/>--<br>PHPGang.com<br>Solve your problems.';
            $headers = "From: " . strip_tags($from) . "\r\n";
            $headers .= "Reply-To: " . strip_tags($from) . "\r\n";
            $headers .= "MIME-Version: 1.0\r\n";
            $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
            mail($to, $subject, $body, $headers);
        } else {
            $message = "Account not found please signup now!!";
        }
    }
}
?>
Executing this code sends an email (this uses the simple mail() function; you can also use SMTP) with a confirmation link which redirects you to reset.php.
reset.php
Contains the PHP code that gets the encrypted string, validates it, and shows you 2 password input boxes to enter your new password.
<?php
include('db.php');

if (isset($_GET['action'])) {
    if ($_GET['action'] == "reset") {
        $encrypt = mysqli_real_escape_string($connection, $_GET['encrypt'] ?? '');
        // Look up the user whose key matches.
        // index.php builds the key with 1290*3; this query uses 90*13.
        $query = "SELECT id FROM users where md5(90*13+id)='" . $encrypt . "'";
        $result = mysqli_query($connection, $query);
        $Results = mysqli_fetch_array($result); // null when no row matches
        if ($Results) {
            // Valid key: the page goes on to show the reset form
        } else {
            $message = 'Invalid key please try again. <a href="http://demo.phpgang.com/login-signup-in-php/#forget">Forget Password?</a>';
        }
    }
} elseif (isset($_POST['action'])) {
    // The key is read back from the posted "action" field
    $encrypt = mysqli_real_escape_string($connection, $_POST['action']);
    $password = mysqli_real_escape_string($connection, $_POST['password'] ?? '');
    $query = "SELECT id FROM users where md5(90*13+id)='" . $encrypt . "'";
    $result = mysqli_query($connection, $query);
    $Results = mysqli_fetch_array($result);
    if ($Results) {
        // The new password is stored as an MD5 hash
        $query = "update users set password='" . md5($password) . "' where id='" . $Results['id'] . "'";
        mysqli_query($connection, $query);
        $message = "Your password changed successfully <a href=\"http://demo.phpgang.com/login-signup-in-php/\">click here to login</a>.";
    } else {
        $message = 'Invalid key please try again. <a href="http://demo.phpgang.com/login-signup-in-php/#forget">Forget Password?</a>';
    }
} else {
    header("location: /login-signup-in-php");
}
jQuery is used to check that the re-entered password matches:
<script>
function mypasswordmatch() {
    var pass1 = $("#password").val();
    var pass2 = $("#password2").val();
    if (pass1 != pass2) {
        alert("Passwords do not match");
        return false;
    } else {
        $("#reset").submit();
    }
}
</script>
This is just an explanation of the main code; to get the complete code please download it from here.
If you have any problem regarding this tutorial's configuration, please feel free to comment; we love to answer your queries.
I can’t download the source code, I am a subscribed user
hello friend try again i know you do it
This code is not working. Also, what do you mean by this: where md5(90*13+id)='".$encrypt."'" ??
I love PHP Gang Team. Thank you so much, keep it up
Hello Sir, where are you saving the md5(1290*3+$Results['id']) code in the user table? I don’t see any update statement in index.php.
@srikanthpunurupmp:disqus
When I investigated the code, it’s not stored in the database, it just uses the md5 method to convert the field “ID” into a random number as an indicator in the reset link address, so the same user will always accept the same number of md5 random result
Nice post…love it
Code isn’t working, much wrong code there
Can you share some errors so we can fix them?
Hi sir, I can’t download the code to check, thanks. What is action under index?
Overly simplified. Each md5 hash generated should be unique with a 24 hour expiry. Otherwise you can use the same reset URL over and over, potential security breach.
nice tutorial sir,
one issue sir
how to use INC File (.inc) file in ‘ create Login and Signup System in PHP’ tutorial,
please ask me about this
zf2 style of forgot password where we need model, view, controler action etc
Sir, I can’t download the code. I subscribed my 3 accounts, still asking to subscribe. Help me, I really really need this for my thesis. My final defense is coming, I hope you can help me. If possible can you send the code to my gmail. [email protected] Thank you in advance.
Code isn’t working, much wrong code there
Can you please explain the errors so we can fix them?
By using your code anyone can hack any account if he knows (1290*3)
This article was written long ago; try our password hashing tutorial here https://www.phpgang.com/how-to-hashing-password-in-php-5-5-with-password-hashing-api_458.html and implement it in your code.
I’ve used this code and it has not worked properly….
Mail couldn’t be sent…
Please give me a fast reply…
I think there is a minor bug in the code:
in index.php, the encryption is:
md5(1290*3+$Results['id']);
but in reset.php, the encryption is:
md5(90*13+id)
The two scripts use different encryption, which seems like it will always trigger the ‘invalid key’ error message,
and I think using a timestamp to make the encryption is more secure than a normal static number like 1290*3+userId
sir..it works fine…can you please post logout also according to this demo.
Hii sir, reset password link is not working for me; Can you help me?
thanks
I have downloaded the code and it appears to work on the surface. Signup reports successful, but Login is unsuccessful. PHPMyAdmin shows that TABLE users has zero rows, yet Signup is reported as successful. db.php contains "$connection = mysqli_connect('localhost','root','','phpgang') or die(mysqli_error($connection));". I am running with xampp apache and sql server. Any suggestions for debugging?
Not working; I get error 500 every time I click the link in the email.
try to debug code and send me exact error.
I think it allows mysql injection and xss exploits.
alert(‘hi’)
Sir, I have downloaded this code. When I go to forgot password, I am not getting mail on my email. Can you please solve this?
Check your email settings or use smtp: https://www.phpgang.com/send-email-with-smtp-and-php-mailer_105.html
What changes should I make in my gmail account so that I can get the link for the password change?
What can I do in the email settings so that I can get mail?
Reply please
Index page is not showing anything in the browser
What is $_POST['action'] & $_POST['password'] in reset.php?
Sir, I only need the code behind the forget password button….
Sir, what is $_POST['action']=="password" ???
What shittily written code. Totally misguiding new coders and NO ELABORATION at all. A guy with an experience of “5+ years” writing code like a total newbie. Stop coding, you noob, or learn to write better coding blog posts.
If you have any constructive answer/solution, give it, otherwise your comment doesn’t have a value here!
Really helpful
download is not working because my e-mail is not registered, and e-mail registration on this site is not working. Please, send me the full code to [email protected], thank you in advance!
Hi I’m trying to join in this group to download the code, i was trying to make this kind of program, thank you and God bless
hey!!!!!!! I’m trying to subscribe but unable to do that I want this code as i am working on this kind of program
Hi there
To anyone reading this now, do not use this code!
why ?