How to reset a password by email in PHP and MySQL
Here is a step-by-step guide on how to reset a password using email in PHP and MySQL:
Step 1: Create a password reset table
Create a new table in your MySQL database to store the password reset requests. The table should have the following columns:
id (primary key, auto-incrementing integer)
user_id (foreign key referencing the id column of the users table)
reset_token (unique string generated for each password reset request)
created_at (timestamp for when the password reset request was made)
Example SQL:
CREATE TABLE password_resets (
id INT PRIMARY KEY AUTO_INCREMENT,
user_id INT,
reset_token VARCHAR(255) UNIQUE,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
FOREIGN KEY (user_id) REFERENCES users(id)
);
Step 2: Generate a password reset token
When a user requests a password reset, generate a unique token using a cryptographically secure pseudo-random number generator (CSPRNG). You can use the random_bytes function in PHP to generate a token.
Example PHP:
$token = bin2hex(random_bytes(16));
Step 3: Store the password reset token
Insert the generated token into the password_resets table, along with the user's ID and the current timestamp.
Example PHP:
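$user_id = (int) $_POST['user_id']; // assume this is the user's ID
$token = bin2hex(random_bytes(16));
// prepared statement: request data is bound as a parameter, never concatenated into the SQL
$stmt = mysqli_prepare($conn, "INSERT INTO password_resets (user_id, reset_token, created_at) VALUES (?, ?, NOW())");
mysqli_stmt_bind_param($stmt, 'is', $user_id, $token);
mysqli_stmt_execute($stmt);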
Step 4: Send the password reset email
Send an email to the user with a link to reset their password. The link should include the password reset token.
Example PHP:
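$subject = 'Password Reset';
$reset_url = 'https://example.com/reset_password.php?token=' . $token; // placeholder host: a link in an email must be an absolute URL
$message = 'Click this link to reset your password: <a href="' . $reset_url . '">Reset Password</a>';
$headers = "MIME-Version: 1.0\r\nContent-Type: text/html; charset=UTF-8"; // needed for the <a> tag to render as a link
mail($user_email, $subject, $message, $headers);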
Step 5: Verify the password reset token
When the user clicks the link, verify that the token is valid and has not expired. You can store the expiration time in the password_resets table; the example below instead treats a token as expired one hour after created_at.
Example PHP:
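$token = $_GET['token'] ?? '';
// prepared statement: the token from the URL is bound as a parameter, not concatenated into the SQL
$stmt = mysqli_prepare($conn, "SELECT user_id FROM password_resets WHERE reset_token = ? AND created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)");
mysqli_stmt_bind_param($stmt, 's', $token);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if (mysqli_num_rows($result) == 1) {
    // token is valid, proceed with password reset
    $user_id = mysqli_fetch_assoc($result)['user_id']; // the account this token was issued for
} else {
    // token is invalid or expired, display error message
}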
Step 6: Reset the password
If the token is valid, allow the user to reset their password. You can use a form to collect the new password and confirm it.
Example PHP:
if (isset($_POST['new_password']) && isset($_POST['confirm_password'])) {
    $new_password = $_POST['new_password'];
    $confirm_password = $_POST['confirm_password'];
    if ($new_password === $confirm_password) {
        // store a hash of the password, never the plaintext
        $hash = password_hash($new_password, PASSWORD_DEFAULT);
        // update the user's password in the database ($user_id comes from the token row checked in Step 5)
        $stmt = mysqli_prepare($conn, "UPDATE users SET password = ? WHERE id = ?");
        mysqli_stmt_bind_param($stmt, 'si', $hash, $user_id);
        mysqli_stmt_execute($stmt);
        // delete the password reset token
        $stmt = mysqli_prepare($conn, "DELETE FROM password_resets WHERE reset_token = ?");
        mysqli_stmt_bind_param($stmt, 's', $token);
        mysqli_stmt_execute($stmt);
        // display success message
    } else {
        // display error message
    }
}
Step 7: Delete the password reset token
After the password has been reset, delete the password reset token from the password_resets table.
Example PHP:
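// prepared statement: the token is bound as a parameter
$stmt = mysqli_prepare($conn, "DELETE FROM password_resets WHERE reset_token = ?");
mysqli_stmt_bind_param($stmt, 's', $token);
mysqli_stmt_execute($stmt);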
That's it! With these steps, you should be able to implement a password reset feature using email in PHP and MySQL.
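The steps above combined into one script that runs without a MySQL server, as an added example that is not part of the original guide. Assumptions: an in-memory SQLite database via PDO stands in for MySQL, created_at is stored as a Unix timestamp, and the function names and sample values are this example's own. It goes one step further than the guide by storing only a SHA-256 hash of the token, so a leaked password_resets table does not contain usable reset links.

```php
<?php
// Added example: in-memory SQLite via PDO stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT)');
$db->exec('CREATE TABLE password_resets (user_id INTEGER, reset_token TEXT UNIQUE, created_at INTEGER)');
$db->exec("INSERT INTO users (id, password) VALUES (1, 'old-hash-placeholder')"); // constructed sample user

const TOKEN_TTL = 3600; // one hour, matching the window used in Step 5

// Steps 2-3: generate the token and keep only its SHA-256 hash in the table.
function issue_token(PDO $db, int $user_id, int $now): string {
    $token = bin2hex(random_bytes(16));
    $db->prepare('INSERT INTO password_resets (user_id, reset_token, created_at) VALUES (?, ?, ?)')
       ->execute([$user_id, hash('sha256', $token), $now]);
    return $token; // only this raw value goes into the emailed link
}

// Steps 5-7: verify the token, store the new password hash and delete the token in one transaction.
function reset_password(PDO $db, string $token, string $new_password, int $now): bool {
    $db->beginTransaction();
    $stmt = $db->prepare('SELECT user_id FROM password_resets WHERE reset_token = ? AND created_at > ?');
    $stmt->execute([hash('sha256', $token), $now - TOKEN_TTL]);
    $user_id = $stmt->fetchColumn();
    if ($user_id === false) { // unknown, expired or already used token
        $db->rollBack();
        return false;
    }
    $db->prepare('UPDATE users SET password = ? WHERE id = ?')
       ->execute([password_hash($new_password, PASSWORD_DEFAULT), $user_id]);
    // this example's choice: remove every outstanding token for the user, not just this one
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$user_id]);
    $db->commit();
    return true;
}

$t0 = time();
$token = issue_token($db, 1, $t0);
var_dump(reset_password($db, $token, 'N3w-passphrase', $t0 + 60));     // token used within the hour
var_dump(reset_password($db, $token, 'again', $t0 + 120));             // same token presented a second time
$late = issue_token($db, 1, $t0);
var_dump(reset_password($db, $late, 'too-late', $t0 + TOKEN_TTL + 1)); // token presented after the window
$stored = $db->query('SELECT password FROM users WHERE id = 1')->fetchColumn();
var_dump(password_verify('N3w-passphrase', $stored));                  // login check against the stored hash
```

On MySQL the same queries work through PDO or mysqli prepared statements; login code must then check passwords with password_verify rather than comparing strings.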