Reset Password Script

David Carr

5 min read - 6th May, 2011

This tutorial will show you how to create a reset password script. This tutorial will use a tables called members which stores the users email address, username and password change the table name to match your own.

First lets create a from for the user to fill out in order to reset their password

<form action="" method="post">
<p>Email Address: <input type="text" name="remail" size="50" maxlength="255">
<input type="submit" name="submit" value="Get New Password"></p>
</form>

Next we need to process the form is it's been submitted.

//This code runs if the form has been submitted
if (isset($_POST['submit']))
{

Next start some validation, check for a valid email address then check if the email address exists in the database.

// check for valid email address
$email = $_POST['remail'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
     $error[] = 'Please enter a valid email address';
}

// checks if the username is in use
$check = mysql_query("SELECT email FROM members WHERE email = '$email'")or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 == 0) {
$error[] = 'Sorry, we cannot find your account details please try another email address.';
}

If no errors have been generated then carry on.

// if no errors then carry on
if (!$error) {

Next pull the users username from the database table where users email address matches the supplies email address, then create an object to use the username later in the script.

To create a new password we randomly generate one using substr, md5, uniqid and rand function which generate a random password 10 characters long, then on the next line we convert it to a encrypted password using md5 which will go into the database after the new password has been email to the user.

$query = mysql_query("SELECT username FROM members WHERE email = '$email' ")or die (mysql_error());
$r = mysql_fetch_object($query);

//create a new random password

$password = substr(md5(uniqid(rand(),1)),3,10);
$pass = md5($password); //encrypted version for database entry

Next create a message to send to the user and send it using the mail function, change the email address to match your sending email address so user@domain.com might be noreply@myverycoolsite.co.uk.

//send email
$to = "$email";
$subject = "Account Details Recovery";
$body = "Hi $r->username, nn you or someone else have requested your account details. nn Here is your account information please keep this as you may need this at a later stage. nnYour username is $r->username nn your password is $password nn Your password has been reset please login and change your password to something more rememberable.nn Regards Site Admin";
$additionalheaders = "From: <user@domain.com>rn";
$additionalheaders .= "Reply-To: noprely@domain.com";
mail($to, $subject, $body, $additionalheaders);

Now the password has been sent to the user update the database with the encrypted password where the users email address matches the one supplied. Then set a variable to true we will use this to determine if the reset has been successful.

//update database
$sql = mysql_query("UPDATE members SET password='$pass' WHERE email = '$email'")or die (mysql_error());
$rsent = true;

<p>Then close the 2 open if statements for if no errors and if the form has been submitted</p>

<pre lang="php">
}
}

Next show any errors if they've been created.

//show any errors
if (!empty($error))
{
        $i = 0;
        while ($i < count($error)){
        echo "<div class='msg-error'>".$error[$i]."</div>";
        $i ++;}
}// close if empty errors

Lastly we check if the reset was successful and if so show a message.

if ($rsent == true){
    echo "<p>You have been sent an email with your account details to $email</p>n";
    } else {
    echo "<p>Please enter your e-mail address. You will receive a new password via e-mail.</p>n";
    }

Here's the full script:

<?php
//This code runs if the form has been submitted
if (isset($_POST['submit']))
{

// check for valid email address
$email = $_POST['remail'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
     $error[] = 'Please enter a valid email address';
}

// checks if the username is in use
$check = mysql_query("SELECT email FROM members WHERE email = '$email'")or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 == 0) {
$error[] = 'Sorry, we cannot find your account details please try another email address.';
}

// if no errors then carry on
if (!$error) {

$query = mysql_query("SELECT username FROM members WHERE email = '$email' ")or die (mysql_error());
$r = mysql_fetch_object($query);

//create a new random password

$password = substr(md5(uniqid(rand(),1)),3,10);
$pass = md5($password); //encrypted version for database entry

//send email
$to = "$email";
$subject = "Account Details Recovery";
$body = "Hi $r->username, nn you or someone else have requested your account details. nn Here is your account information please keep this as you may need this at a later stage. nnYour username is $r->username nn your password is $password nn Your password has been reset please login and change your password to something more rememberable.nn Regards Site Admin";
$additionalheaders = "From: <user@domain.com>rn";
$additionalheaders .= "Reply-To: noprely@domain.com";
mail($to, $subject, $body, $additionalheaders);

//update database
$sql = mysql_query("UPDATE members SET password='$pass' WHERE email = '$email'")or die (mysql_error());
$rsent = true;


}// close errors
}// close if form sent

//show any errors
if (!empty($error))
{
        $i = 0;
        while ($i < count($error)){
        echo "<div class='msg-error'>".$error[$i]."</div>";
        $i ++;}
}// close if empty errors


if ($rsent == true){
    echo "<p>You have been sent an email with your account details to $email</p>n";
    } else {
    echo "<p>Please enter your e-mail address. You will receive a new password via e-mail.</p>n";
    }

?>

<form action="" method="post">
<p>Email Address: <input type="text" name="remail" size="50" maxlength="255">
<input type="submit" name="submit" value="Get New Password"></p>
</form>

 

0 comments
Add a comment

Copyright © 2024 DC Blog - All rights reserved.