How to reset a password with mail in PHP and MySQL

Here is a step-by-step guide on how to reset a password using email in PHP and MySQL:

Step 1: Create a password reset table

Create a new table in your MySQL database to store the password reset requests. The table should have the following columns: id, user_id, reset_token, and created_at.

Example SQL:

CREATE TABLE password_resets (
  id INT PRIMARY KEY AUTO_INCREMENT,
  user_id INT,
  reset_token VARCHAR(255) UNIQUE,
  created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
  FOREIGN KEY (user_id) REFERENCES users(id)
);

Step 2: Generate a password reset token

When a user requests a password reset, generate a unique token using a cryptographically secure pseudo-random number generator (CSPRNG). You can use the random_bytes function in PHP to generate a token.

Example PHP:

$token = bin2hex(random_bytes(16));

Step 3: Store the password reset token

Insert the generated token into the password_resets table, along with the user's ID and the current timestamp.

Example PHP:

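$user_id = (int) $_POST['user_id']; // assume this is the user's ID
$token = bin2hex(random_bytes(16));
// prepared statement: request data is bound as a parameter, never concatenated into the SQL
$stmt = mysqli_prepare($conn, "INSERT INTO password_resets (user_id, reset_token, created_at) VALUES (?, ?, NOW())");
mysqli_stmt_bind_param($stmt, 'is', $user_id, $token);
mysqli_stmt_execute($stmt);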

Step 4: Send the password reset email

Send an email to the user with a link to reset their password. The link should include the password reset token.

Example PHP:

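$subject = 'Password Reset';
// mail() sends plain text by default, so send the URL itself rather than HTML markup.
// The link must be absolute; https://example.com is a placeholder for your site's address.
$message = 'Click this link to reset your password: https://example.com/reset_password.php?token=' . $token;
mail($user_email, $subject, $message);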

Step 5: Verify the password reset token

When the user clicks the link, verify that the token is valid and has not expired. The example below treats a token as expired one hour after its created_at timestamp; you can also store the expiration time in the password_resets table.

Example PHP:

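$token = $_GET['token'] ?? '';
// prepared statement: the token from the URL is bound as a parameter
$stmt = mysqli_prepare($conn, "SELECT user_id FROM password_resets WHERE reset_token = ? AND created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)");
mysqli_stmt_bind_param($stmt, 's', $token);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
if ($row = mysqli_fetch_assoc($result)) {
    // token is valid, proceed with password reset for the user it was issued to
    $user_id = (int) $row['user_id'];
} else {
    // token is invalid or expired, display error message
}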

Step 6: Reset the password

If the token is valid, allow the user to reset their password. You can use a form to collect the new password and confirm it.

Example PHP:

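if (isset($_POST['new_password'], $_POST['confirm_password'])) {
    $new_password = $_POST['new_password'];
    $confirm_password = $_POST['confirm_password'];
    if ($new_password === $confirm_password) {
        // store only a hash of the password (check it at login with password_verify())
        $hash = password_hash($new_password, PASSWORD_DEFAULT);
        // update the user's password in the database;
        // $user_id must be the user_id of the verified password_resets row, not a request parameter
        $stmt = mysqli_prepare($conn, "UPDATE users SET password = ? WHERE id = ?");
        mysqli_stmt_bind_param($stmt, 'si', $hash, $user_id);
        mysqli_stmt_execute($stmt);
        // delete the password reset token
        $stmt = mysqli_prepare($conn, "DELETE FROM password_resets WHERE reset_token = ?");
        mysqli_stmt_bind_param($stmt, 's', $token);
        mysqli_stmt_execute($stmt);
        // display success message
    } else {
        // display error message
    }
}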

Step 7: Delete the password reset token

After the password has been reset, delete the password reset token from the password_resets table.

Example PHP:

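// prepared statement: the token is bound as a parameter
$stmt = mysqli_prepare($conn, "DELETE FROM password_resets WHERE reset_token = ?");
mysqli_stmt_bind_param($stmt, 's', $token);
mysqli_stmt_execute($stmt);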

That's it! With these steps, you should be able to implement a password reset feature using email in PHP and MySQL.
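
Steps 2 through 7 combined into one runnable flow, as an added example that is not part of the original guide. It goes slightly beyond the steps above by storing only a SHA-256 hash of the token and making each token single-use; it assumes PDO with an in-memory SQLite database standing in for MySQL, and the function names, sample user and lifetime constant are hypothetical.

```php
<?php
// Added example: SQLite in memory stands in for MySQL so the script runs offline.
// Function names, the sample user and the lifetime constant are assumptions.
const RESET_TTL_SECONDS = 3600;

function issue_reset_token(PDO $db, int $userId): string {
    $token = bin2hex(random_bytes(16));
    // Keep one outstanding request per user, and store only a hash of the token
    // so a leaked password_resets table cannot be replayed as reset links.
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$userId]);
    $db->prepare('INSERT INTO password_resets (user_id, reset_token, created_at) VALUES (?, ?, ?)')
       ->execute([$userId, hash('sha256', $token), time()]);
    return $token; // only this raw value goes into the emailed link
}

function reset_password(PDO $db, string $token, string $newPassword, string $confirm): bool {
    if ($newPassword === '' || $newPassword !== $confirm) {
        return false;
    }
    $db->beginTransaction();
    $stmt = $db->prepare('SELECT user_id FROM password_resets WHERE reset_token = ? AND created_at > ?');
    $stmt->execute([hash('sha256', $token), time() - RESET_TTL_SECONDS]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) { // unknown, expired or already used token
        $db->rollBack();
        return false;
    }
    // The user is taken from the token row, never from a request parameter.
    $db->prepare('UPDATE users SET password = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$userId]);
    return $db->commit();
}

// Constructed demo data
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, password TEXT)');
$db->exec('CREATE TABLE password_resets (id INTEGER PRIMARY KEY, user_id INTEGER,
           reset_token TEXT UNIQUE, created_at INTEGER)');
$db->exec("INSERT INTO users (id, password) VALUES (1, 'old-hash-placeholder')");

$token = issue_reset_token($db, 1);
var_dump(reset_password($db, 'not-a-real-token', 'N3w-pass!', 'N3w-pass!')); // token that was never issued
var_dump(reset_password($db, $token, 'N3w-pass!', 'N3w-pass!'));           // the issued token
var_dump(reset_password($db, $token, 'Other-pass', 'Other-pass'));          // the same token a second time
```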