Forgot Password Recovery Script in PHP

When we create a system of user profile then we must have login and signup system for it. In my previous tutorial we have seen how to create login and signup system in PHP. When we create profile system we must have an option of password recovery. In other terms we must have an option of forgot password to reset so that a user can reset password on forgetting.
Here in this tutorial we have created a link of forgot password .When a user click on this link then a input box for email loads on webpage. User will fill the email and click on forgot button to reset the password. A user will get link to reset password on contact email address which user entered for reset.
Let us see the snippet to understand better
Here we have created simple form of login with link of forgot password. You can see the given below code of login which we have used login and signup system in php.

Forgot Password
Forgot Password
Reset Password
Reset Password

 

Demo

Config.php

<?php
mysql_connect('db host','db user','db password');
mysql_select_db('db name');
?>

index.php

<div id="log">
<form action="#" method="POST" id="login">
<center><h4>Login Here</h4></center>
<label>Email</label><input type="email" name="email" id="email"><br>
<label>Password</label><input type="password" name="pass" id="name"><br>
<input type="submit" name="login"  value="Login"><br><br><br> 
</form>
<a href="forgot_pass.php"  >Forgot password</a>
</div>

<?php
include 'config.php';
if(isset($_POST['login']))
{

$email = mysqli_real_escape_string($conn,$_POST['email']);
$pass = mysqli_real_escape_string($conn,$_POST['pass']);

$result = mysqli_query($conn,"SELECT * FROM `user` WHERE `email`='".$email."' and `password`='".md5($pass)."'");
$logresult = mysqli_fetch_array($result);

if(count($logresult)>=1)
{
echo "Login Successfully";
echo "HI".$result['name'];
}
else
{
echo "Email Address or password is incorrect"."<br>";
echo "try again";
}
}
?>

The process of forgot password starts when a user click on forgot password link which we have mentioned above in form. User will go to forgot_pass.php where he will get a input box for enter mail. When user submits mail, first of all validate mail and checking for its existence in DB records. After success send mail to user mail address to verify and then user get an option to fill password and confirm password.
forgot_pass.php

<div class="col-xs-12 col-lg-4 pull-right">
<?php include 'config.php';
if(!isset($_GET['action'])){
?>
 <center>
<div class="form-login">
<form action="" method="post" role="form">
<h2 class="text-uppercase">Forgot password</h2>
<div class="form-email">
<input type="text" placeholder="Email" name="email" required />
</div>
  <div class="form-submit-1">
<input  name="submit" type="submit" value="reset" class="mc-btn btn-style-1">
</div>
<div class="link">
</div>
</center>
<?php } ?>
<?php 
if(isset($_POST['submit'])){

$email =$_POST['email'];

$email=mysql_real_escape_string($email);

if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
echo("$email is not a valid email address");
} 
else {
$emailrecord = mysql_query("SELECT * FROM `user` WHERE `email`='".$email."'");

if(mysql_num_rows($emailrecord)>0)
   {
$rcode=rand(50,999);
$subject ="Reset Password";
 $from="phpcluster@phpcluster.com";
$message="Click here to reset password: http://demos.phpcluster.com/demo/forgot-password/forgot_pass.php?code=$rcode&mail=$email&action=reset";
mail($email,$subject, $message,"From:".$from);
echo "Email sent Succesfully";
  
 }
else{
   
    echo "Email Doesnt Exist";
}
}
}
?>

<?php
if(isset($_GET['action'])){
if(($_GET['action']=="reset"))
{
?>
<form method="POST">
 <div class="form-email">
<input type="password" placeholder="Password" name="pass" required />
 </div>
  <div class="form-email">
  <input type="password" placeholder="Confirm Password" name="cpass" required />
 </div>
<div class="form-submit-1">
 <input type="submit" value="Update" class="mc-btn btn-style-1" name="reset">
 </div>
</form>
		 <?php 
		 if(isset($_POST['reset']))
		 {
		 extract($_POST);
		 $passw = mysql_real_escape_string($pass);
		 if($pass==$cpass)
		 {
		$query= "UPDATE `user` SET `password`='".md5($passw)."' WHERE `email`='".$_GET['mail']."'";
		if(mysql_query($query))
		{
		echo "Password Updated Successfully";
		
		header("location: http://demos.phpcluster.com/demo/forgot-password/");
		}
		 }
		 else
		 {
		 echo "Password and Confirm Password do not match!";
		  }
		} }
		 }
		  ?>                   
</form>
</div>
</div>

On same page after mail confirmation we are updating password for that particular email address as you can see above snippet for update.

Leave a Comment