Reset password - PHP and MySQL

Reset password – PHP & MySQL

0
(0)

We will be using 4 files to implement reset password option.

  • index.php (to get email address)
  • send-recovery-mail.php (to send email)
  • reset-password.php (to enter new password)
  • new-password.php (to update the password)

Your table structure should be like this:

You need to create a table in database called users and the most important columns are email and reset_token. Sending email via localhost requires an Gmail account and you need to enable less secure apps for your account. You can enable it from the link below:

Enable less secure apps

Enter email address

Create a simple form to get user’s email address, where recovery mail should be sent.

<form method="POST" action="send-recovery-mail.php">
    <input type="email" name="email">
    <input type="submit" value="Send recovery email">
</form>

Send recovery email

We will be using PHPMailer library, you can download it from the link below:

Download PHPMailer

Next you need to include the library and make a connection with database:

<?php

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'vendor/autoload.php';

$connection = mysqli_connect("localhost", "root", "", "classicmodels");

First you need to check if a user of that email exists in your database:

$email = $_POST["email"];

$sql = "SELECT * FROM users WHERE email = '$email'";
$result = mysqli_query($connection, $sql);
if (mysqli_num_rows($result) > 0)
{
    //
}
else
{
    echo "Email does not exists";
}

Inside the if statement, you need to generate a unique token which will be sent in email:

if (mysqli_num_rows($result) > 0)
{
    $reset_token = time() . md5($email);
}
else
{
    echo "Email does not exists";
}

After that, you need to save this token against that user’s database record:

$sql = "UPDATE users SET reset_token='$reset_token' WHERE email='$email'";
mysqli_query($connection, $sql);

Then you create a variable called $message and write all the text that you want to send in recovery email:

$message = "<p>Please click the link below to reset your password</p>";
$message .= "<a href='http://localhost/tutorials/add-a-reset-password-option/reset-password.php?email=$email&reset_token=$reset_token'>";
	$message .= "Reset password";
$message .= "</a>";
  • Replace your web URL with the highlighted text.

Now, simply send the email via PHPMailer. We have created a separate function to do that:

function send_mail($to, $subject, $message)
{
    $mail = new PHPMailer(true);

    try {
        //Server settings
	$mail->SMTPDebug = 0;                                       // Enable verbose debug output
	$mail->isSMTP();                                            // Set mailer to use SMTP
	$mail->Host       = 'smtp.gmail.com;';  // Specify main and backup SMTP servers
	$mail->SMTPAuth   = true;                                   // Enable SMTP authentication
	$mail->Username   = 'your_gmail_address';                     // SMTP username
	$mail->Password   = 'your_gmail_password';                               // SMTP password
	$mail->SMTPSecure = 'tls';                                  // Enable TLS encryption, `ssl` also accepted
	$mail->Port       = 587;                                    // TCP port to connect to

	$mail->setFrom('your_gmail_address', 'your_name');
	//Recipients
	$mail->addAddress($to);

	// Content
	$mail->isHTML(true);                                  // Set email format to HTML
	$mail->Subject = $subject;
	$mail->Body    = $message;

	$mail->send();
	echo 'Message has been sent';
    } catch (Exception $e) {
	echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
    }
}

And you can call this function right after$message variable:

send_mail($email, "Reset password", $message);

At this point, when you enter email and hit submit you will receive an email with a receovery link. On clicking you will be redirected to your site on page reset-password.php.

Enter new password

Now you need to create a file named reset-password.php. In this file, first you need to check if it comes from email link:

<?php

$email = $_GET["email"];
$reset_token = $_GET["reset_token"];

$connection = mysqli_connect("localhost", "root", "", "classicmodels");

$sql = "SELECT * FROM users WHERE email = '$email'";
$result = mysqli_query($connection, $sql);
if (mysqli_num_rows($result) > 0)
{
    //
}
else
{
    echo "Email does not exists";
}

Second, you need to check if the token is not tempered, so that you cannot change someone else’s password:

$user = mysqli_fetch_object($result);
if ($user->reset_token == $reset_token)
{
    //
}
else
{
    echo "Recovery email has been expired";
}

Third, display a simple form to enter new password. The email and reset_token needs to be hidden in this file so that you can update password for only that specific user:

if ($user->reset_token == $reset_token)
{
    ?>
    <form method="POST" action="new-password.php">
        <input type="hidden" name="email" value="<?php echo $email; ?>">
    	<input type="hidden" name="reset_token" value="<?php echo $reset_token; ?>">
		
    	<input type="password" name="new_password" placeholder="Enter new password">
    	<input type="submit" value="Change password">
    </form>
    <?php
}
else
{
    echo "Recovery email has been expired";
}

Reset the password

Now you only needs to create a new file named new-password.php and paste the following code in it:

<?php

$email = $_POST["email"];
$reset_token = $_POST["reset_token"];
$new_password = $_POST["new_password"];

$connection = mysqli_connect("localhost", "root", "", "classicmodels");

$sql = "SELECT * FROM users WHERE email = '$email'";
$result = mysqli_query($connection, $sql);
if (mysqli_num_rows($result) > 0)
{
    $user = mysqli_fetch_object($result);
    if ($user->reset_token == $reset_token)
    {
    	$sql = "UPDATE users SET password='$new_password' WHERE email='$email' AND reset_token='$reset_token'";
    	mysqli_query($connection, $sql);

    	echo "Password has been changed";
    }
    else
    {
    	echo "Recovery email has been expired";
    }
}
else
{
    echo "Email does not exists";
}

That’s how you can reset password using PHP and MySQL. Learn also how you can do email verification in your website.

How useful was this post

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

As you found this post useful...

Follow us on social media!

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post





Leave a Reply

Please disable your adblocker or whitelist this site!