PHP

Rasbin Rijal
Courses Plus Student 10,864 Points

Building a password reset feature in website in PHP

Dear All,

How to build a password reset feature? If someone forgets their password, he/she can click on the 'FORGET PASSWORD' button, and an email with the reset code is received in the user's email, through which he/she can reset the password.

How to do this stuff?

Any help or idea appreciated.

1 Answer

Paul Yabsley
46,713 Points

This is quite in-depth. You might want to search for a tutorial online somewhere, as I don't think there is one on Treehouse at the moment.

In very broad terms the process might go a bit like:

  1. User requests a password reset, usually with their email address
  2. Site looks for a matching email address then generates a reset token
  3. Stores the reset token (in a database) and generates an email to the user
  4. Email contains a link to the password reset page with the token as a query string parameter (example.com/password-reset/?token=shjuy3j4k5nsi4923ji592375j4845)
  5. When the user visits the link in the email, the page checks that the token in the URL matches what it has stored for the user
  6. If it is a match then it displays a form for the user to update their password

There are probably different ways of doing it and other security precautions to take, such as having a timeout for the token to expire. To do that you'd also need to generate a timestamp when the reset is requested and then check that as well when the user clicks the reset link in their email.
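The six steps and the expiry check from the answer above, as an added PHP example that is not part of the original post. It runs against an in-memory SQLite database through PDO; the table, column and function names and the one-hour lifetime are assumptions, and it goes beyond the answer by storing only a SHA-256 hash of the token and deleting it after one use.

```php
<?php
declare(strict_types=1);
// Added example; table, column and function names are hypothetical.
const RESET_TTL = 3600; // token lifetime in seconds (assumed value)

function createSchema(PDO $db): void {
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password_hash TEXT)');
    $db->exec('CREATE TABLE password_resets (user_id INTEGER PRIMARY KEY, token_hash TEXT, expires_at INTEGER)');
}

// Steps 1-4: look up the email, create a token, store it, return the link to email.
function requestReset(PDO $db, string $email, int $now): ?string {
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null; // caller shows the same "check your inbox" message either way
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, not rand() or uniqid()
    // Store only a hash so a leaked database does not expose usable tokens.
    $stmt = $db->prepare('REPLACE INTO password_resets (user_id, token_hash, expires_at) VALUES (?, ?, ?)');
    $stmt->execute([$userId, hash('sha256', $token), $now + RESET_TTL]);
    return 'https://example.com/password-reset/?token=' . $token;
}

// Steps 5-6 plus the timeout: validate the token, then set the new password.
function resetPassword(PDO $db, string $token, string $newPassword, int $now): bool {
    $stmt = $db->prepare('SELECT user_id, expires_at FROM password_resets WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int)$row['expires_at'] < $now) {
        return false; // unknown or expired token
    }
    $db->beginTransaction();
    $db->prepare('UPDATE users SET password_hash = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $row['user_id']]);
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$row['user_id']]); // single use
    $db->commit();
    return true;
}

// Constructed demo data, run against an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
createSchema($db);
$db->exec("INSERT INTO users (email, password_hash) VALUES ('alice@example.com', 'x')");
$link = requestReset($db, 'alice@example.com', time());
parse_str((string)parse_url($link, PHP_URL_QUERY), $query);
var_dump(resetPassword($db, $query['token'], 'new-passphrase', time())); // first use of the token
var_dump(resetPassword($db, $query['token'], 'another-one', time()));    // same token replayed
```

In a real site the link returned by `requestReset()` is sent by email rather than handled in the same script, and the reset page is served over HTTPS so the token is not exposed in transit.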