We will be using 4 files to implement reset password option.
- index.php (to get email address)
- send-recovery-mail.php (to send email)
- reset-password.php (to enter new password)
- new-password.php (to update the password)
Your table structure should be like this:
You need to create a table in database called users and the most important columns are email and reset_token. Sending email via localhost requires an Gmail account and you need to enable less secure apps for your account. You can enable it from the link below:
Enter email address
Create a simple form to get user’s email address, where recovery mail should be sent.
1 2 3 4 | <form method="POST" action="send-recovery-mail.php"> <input type="email" name="email"> <input type="submit" value="Send recovery email"></form> |
Send recovery email
We will be using PHPMailer library, you can download it from the link below:
Download PHPMailer
Next you need to include the library and make a connection with database:
1 2 3 4 5 6 7 8 | <?phpuse PHPMailer\PHPMailer\PHPMailer;use PHPMailer\PHPMailer\Exception;require 'vendor/autoload.php';$connection = mysqli_connect("localhost", "root", "", "classicmodels"); |
First you need to check if a user of that email exists in your database:
1 2 3 4 5 6 7 8 9 10 11 12 | $email = $_POST["email"];$sql = "SELECT * FROM users WHERE email = '$email'";$result = mysqli_query($connection, $sql);if (mysqli_num_rows($result) > 0){ //}else{ echo "Email does not exists";} |
Inside the if statement, you need to generate a unique token which will be sent in email:
1 2 3 4 5 6 7 8 | if (mysqli_num_rows($result) > 0){ $reset_token = time() . md5($email);}else{ echo "Email does not exists";} |
After that, you need to save this token against that user’s database record:
1 2 | $sql = "UPDATE users SET reset_token='$reset_token' WHERE email='$email'";mysqli_query($connection, $sql); |
Then you create a variable called $message and write all the text that you want to send in recovery email:
1 2 3 4 | $message = "<p>Please click the link below to reset your password</p>";$message .= "<a href='http://localhost/tutorials/add-a-reset-password-option/reset-password.php?email=$email&reset_token=$reset_token'>"; $message .= "Reset password";$message .= "</a>"; |
- Replace your web URL with the highlighted text.
Now, simply send the email via PHPMailer. We have created a separate function to do that:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | function send_mail($to, $subject, $message){ $mail = new PHPMailer(true); try { //Server settings $mail->SMTPDebug = 0; // Enable verbose debug output $mail->isSMTP(); // Set mailer to use SMTP $mail->Host = 'smtp.gmail.com;'; // Specify main and backup SMTP servers $mail->SMTPAuth = true; // Enable SMTP authentication $mail->Username = 'your_gmail_address'; // SMTP username $mail->Password = 'your_gmail_password'; // SMTP password $mail->SMTPSecure = 'tls'; // Enable TLS encryption, `ssl` also accepted $mail->Port = 587; // TCP port to connect to $mail->setFrom('your_gmail_address', 'your_name'); //Recipients $mail->addAddress($to); // Content $mail->isHTML(true); // Set email format to HTML $mail->Subject = $subject; $mail->Body = $message; $mail->send(); echo 'Message has been sent'; } catch (Exception $e) { echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}"; }} |
And you can call this function right after$message variable:
1 | send_mail($email, "Reset password", $message); |
At this point, when you enter email and hit submit you will receive an email with a receovery link. On clicking you will be redirected to your site on page reset-password.php.
Enter new password
Now you need to create a file named reset-password.php. In this file, first you need to check if it comes from email link:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | <?php$email = $_GET["email"];$reset_token = $_GET["reset_token"];$connection = mysqli_connect("localhost", "root", "", "classicmodels");$sql = "SELECT * FROM users WHERE email = '$email'";$result = mysqli_query($connection, $sql);if (mysqli_num_rows($result) > 0){ //}else{ echo "Email does not exists";} |
Second, you need to check if the token is not tempered, so that you cannot change someone else’s password:
1 2 3 4 5 6 7 8 9 | $user = mysqli_fetch_object($result);if ($user->reset_token == $reset_token){ //}else{ echo "Recovery email has been expired";} |
Third, display a simple form to enter new password. The email and reset_token needs to be hidden in this file so that you can update password for only that specific user:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | if ($user->reset_token == $reset_token){ ?> <form method="POST" action="new-password.php"> <input type="hidden" name="email" value="<?php echo $email; ?>"> <input type="hidden" name="reset_token" value="<?php echo $reset_token; ?>"> <input type="password" name="new_password" placeholder="Enter new password"> <input type="submit" value="Change password"> </form> <?php}else{ echo "Recovery email has been expired";} |
Reset the password
Now you only needs to create a new file named new-password.php and paste the following code in it:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | <?php$email = $_POST["email"];$reset_token = $_POST["reset_token"];$new_password = $_POST["new_password"];$connection = mysqli_connect("localhost", "root", "", "classicmodels");$sql = "SELECT * FROM users WHERE email = '$email'";$result = mysqli_query($connection, $sql);if (mysqli_num_rows($result) > 0){ $user = mysqli_fetch_object($result); if ($user->reset_token == $reset_token) { $sql = "UPDATE users SET password='$new_password' WHERE email='$email' AND reset_token='$reset_token'"; mysqli_query($connection, $sql); echo "Password has been changed"; } else { echo "Recovery email has been expired"; }}else{ echo "Email does not exists";} |
That’s how you can reset password using PHP and MySQL. Learn also how you can do email verification in your website.
[wpdm_package id=’136′]