PHP forgot password & login system

I've been everywhere to find a free script that works

Page 1 of 1

4 Replies - 16343 Views - Last Post: 15 February 2010 - 07:12 PM Rate Topic: -----

#1 be4westart  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 10-January 10

PHP forgot password & login system

Posted 11 February 2010 - 09:57 PM

Hi thanks for your time can some one tell me where i can find a freeware script for a forgot password system

i have a working register & login but not sure on how to send email password etc...
Is This A Good Question/Topic? 0
  • +

Replies To: PHP forgot password & login system

#2 no2pencil  Icon User is online

  • Professor Snuggly Pants
  • member icon

Reputation: 6627
  • View blog
  • Posts: 30,868
  • Joined: 10-May 07

Re: PHP forgot password & login system

Posted 11 February 2010 - 10:06 PM

The forgot password can be accomplished by updating the password field to whatever value you like. I prefer to use a random four digit number. Then email the address that is stored inthe database for the user. You can also create a database entry to use a flag to force the user to change their password.

I don't know where you can find a script for this, but it's rather simple. Are you currently using a database?
Was This Post Helpful? 0
  • +
  • -

#3 be4westart  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 4
  • Joined: 10-January 10

Re: PHP forgot password & login system

Posted 11 February 2010 - 11:09 PM

View Postno2pencil, on 11 February 2010 - 09:06 PM, said:

The forgot password can be accomplished by updating the password field to whatever value you like. I prefer to use a random four digit number. Then email the address that is stored inthe database for the user. You can also create a database entry to use a flag to force the user to change their password.

I don't know where you can find a script for this, but it's rather simple. Are you currently using a database?


:P um yup got a user database I will have a look at that thanks for your time.. im still very new at this :P
Was This Post Helpful? 0
  • +
  • -

#4 vernak  Icon User is offline

  • New D.I.C Head

Reputation: 7
  • View blog
  • Posts: 24
  • Joined: 11-February 10

Re: PHP forgot password & login system

Posted 15 February 2010 - 06:45 PM

For this you can do one of two things.

First, you can just set the password to a random generated number in the database and then email it to the person associated to that email account. This will work well for most situations.

A different way of doing it is to not actually reset their password when they submit their email address. This is a little more work but is a little better way of doing it. You will need a page that is going to be handling the changing of their password. So basically just a form with a new password field and confirm password field.

So when a person forgets their password and submits their email address this is what you would do:
    [-] Generate a activation code. Should be a pretty long randomly generated string. This needs to be stored in a database in a separate column associated with the users email.
    [-] Next send the email to the user with a link to the page that is handling the changing of the passwords. This link should have the activation code and email address of user encoded into it. (ie. somepage.com/changePass.php?email=someemail%40test.com&active=l23245345384098782347598)
    [-] Once the user gets the email they will click the link and then be brought to the page. The page should $_GET both the email address and activation code of the user from the URL
    [-] If the activation code is different from the one stored in the database for that particular email address the user should be redirected and notified.
    [-] Once the activation code and email are verified, the user should just be able to enter a new password and change it in the database. You will need to delete the activation code from the database as well to make sure that the password cannot be changed again with out the user knowing.

This way of doing it is much longer, but it is better in the following way. If the user doesn't actually forget their password, and someone else enters their email, their password will not be changed. They will just receive an email saying they have requested to change their password with a link to the page you made. If they don't want to change their password then they don't have to, but you will have to include a link so that the activation code will be deleted as well even if they don't change it.

If your site is not that big I recommend going with the first option, but for bigger sites the second one would be better.
Was This Post Helpful? 0
  • +
  • -

#5 TechSupport  Icon User is offline

  • New D.I.C Head

Reputation: 0
  • View blog
  • Posts: 32
  • Joined: 09-May 09

Re: PHP forgot password & login system

Posted 15 February 2010 - 07:12 PM

at http://nettuts.com there is a great and short tutorial on how to build you own!
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1