Secure Password Reset PHP & MySQL
Posted 16 January 2014 - 05:15 AM
Can someone perhaps direct me to, or help me with a secure password reset script for PHP & MySQL.
I have a really nice login script tha I found here:
I now need something that I can use for users to reset their password in the event that they forget their passwords.
Posted 16 January 2014 - 01:46 PM
There is no magic "reset password script" you can just download from the intertubes and drop into your site.
Posted 16 January 2014 - 03:55 PM
Passwords are stored using sha512, so I would not be able to resend the password, instead the user would have to change their password. But to keep this secure I would imagine the best practice would to sent them an e-mail with a change password link. When opening the link the will need to be asked for their username, and then the new password, with a new password confirmation.
When they complete the form, I would assume that it would work the same as my registration form, except, I would be updating the table with the new password, instead of inserting a new row.
I tried using the script linked in my second post in this thread, but I could not get it to work. Also it seems to be using md5 as apposed to sha512.
Posted 16 January 2014 - 04:13 PM
At a minimum:
1. Generate a reset code and store that somewhere
2. Send the user an email with the code
3. Email has a link to an SSLed page where they (manually) enter their email address and the code
4. If correct, let them change their password
There are plenty of things out there that have one or more of those pieces: a reset code is basically just a password salt (except typeable), emails are covered to death, and changing the password is an UPDATE query.
Posted 17 January 2014 - 01:09 AM Best Answer
Thanks, let me get to work with this and I will let you know what i come up with and if I may need any additional help.
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users