
Password Reset - I am confused


downah


Hi guys,

 

I just wanted some input on how to create a system to reset passwords for members. As I have recently learned to use salt and encryption, I cannot resend the password back to the user, so how would I go about it if they lose their password? Reset their password for them automatically and send it to their email by putting in the email which their account is associated with?

 

I would really appreciate some feedback on this,

 

Jamie


Step one: User enters their username OR email OR both.

Step two: You generate a random key and store it with the current time in the database.

Step three: You email the user a link like site.com/reset_password.php?key=hds743ydsaak (to their email you already have stored in the DB)

Step four: That page asks the user for their username and the key (which can auto fill from the URL).

Step five: If the key matches the username and it's not been too long (24 hours is generally plenty), then either:

a. allow them to choose a new password

b. Mail them a new password and they can change it after they log in.

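The five steps above as a runnable sketch, added here as an example and not code from the thread. It assumes PHP 7 or later, an in-memory array standing in for the database table, and hypothetical function names; storing a SHA-256 hash of the key instead of the key itself is this example's own choice.

```php
<?php
// Added example: in-memory stand-in for the reset table (a real site would use its database).
const RESET_TTL = 86400; // 24 hours, the window suggested in the post

function issue_reset_key(array &$table, string $username, int $now): string
{
    $key = bin2hex(random_bytes(16)); // 128 bits from the CSPRNG, not rand() or uniqid()
    // Store only a hash of the key (this example's choice), so a leaked table
    // does not hand out working reset links.
    $table[$username] = ['key_hash' => hash('sha256', $key), 'created' => $now];
    return $key;
}

function redeem_reset_key(array &$table, string $username, string $key, int $now): bool
{
    $row = $table[$username] ?? null;
    if ($row === null) {
        return false; // no pending reset for this username
    }
    if ($now - $row['created'] > RESET_TTL) {
        unset($table[$username]); // too old: discard the stored key
        return false;
    }
    // Constant-time comparison of the stored hash with the hash of the submitted key.
    if (!hash_equals($row['key_hash'], hash('sha256', $key))) {
        return false;
    }
    unset($table[$username]); // single use: a key can be redeemed once
    return true;
}

// Constructed walk-through with the hypothetical username "jamie".
$table = [];
$t0 = time();
$key = issue_reset_key($table, 'jamie', $t0);
echo "site.com/reset_password.php?key=$key\n"; // the link that would be emailed

var_dump(redeem_reset_key($table, 'jamie', 'wrongkey', $t0 + 60)); // wrong key
var_dump(redeem_reset_key($table, 'jamie', $key, $t0 + 60));       // correct key, in time
var_dump(redeem_reset_key($table, 'jamie', $key, $t0 + 120));      // same key a second time

$old = issue_reset_key($table, 'jamie', $t0);
var_dump(redeem_reset_key($table, 'jamie', $old, $t0 + RESET_TTL + 1)); // after the 24 hours
```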

  • 4 weeks later...

What might be a good idea is to concatenate a number of the user's details you have stored in the database, such as their birthday, email address, name, and maybe a preset string from you, then hash this. This will create a unique hash for the user. Send the user an email containing a link like:

 

www.yoururl.com/reset_password?key=hashedvalue

 

When the user clicks this or pastes it into the web bar, a script will validate the hashed value and allow the user to select a new password or create a new one for them. This method means you don't have to store anything in the database. However, you cannot set an expiry date for this.

