password reset code.

[hassank1]

Hi I want to add to my site (forget your password?) link .. where users can reset their password after receiving a reset email ..

 

but I want to know what's the algorithm to do that ?

[Rohan Shenoy]

1. Ask the user to type his "old" password and "new" password in a form and send the details to the PHP script.

2. If "old" password matches the one stored in db, then run an UPDATE query to replace the old password with new password.

[Lumio]

But what if the old password got forgotten.

 

Generate a random hash like this:

<?php
   $s = "";
   for($i=0;$i<10;$i++) {
      microtime()*30000;
      $s .= chr(rand(0,255));
   }
   $randomHash = md5($s);
?>

Save that random hash in your database with the current unix time to limit it by 24 hours.

Send an email with the link to get a new password like... getnewpw.php?userid=4&hash=THE-RANDOM-HASH

[hassank1]

what's the purpose of using : microtime()*30000; ??

[hassank1]

?

[Lumio]

if you use rand more than only once, it can happen, that you get the same number. To get around I used a command, that takes a short while.

[hassank1]

Okay I got your point about the same number issue ...

 

but what's the realtion between "microtime()*30000" and the "short while"

 

I mean what this code do exactly ?

 

thx..

[Lumio]

This line just multiplies the value of microtime by 30000

You can also write 100000*1234556.65

 

This line just makes the server a little busy.