PHP code for "forgot your password"?

You could take them to a page which asks the user for their email address, then search the database for the address, if email is found in database get the relevant password and email it to the email address.

I presume that you already have coded the login script, so it cannot be that hard to code that piece to search for the password and email it.

We, at this site and forum, are a group of IT speciliast and programmers helping other programmers with questions or problems. We do not provide tailor made code solutions.

So the thing left for you: start developing some code for this lost password solution and, when you have problems which you cannot solve, come back here and we will try to help you. But the coding has to be done by you.

Ronald

Marcus, your suggestions is a good one but that doesn't prove the person requesting the password is actually the person trying to log in (identity theft as an example).

What I would suggest is set up another column in your user table and save a secret answer or code. When the account is set up or the password is changed they are assigned a question/answer or a generated code. When "request a password" is clicked, display a secret question or textbox to enter this saved code and answer. Then check if email and the additional secret code matches.

No idea how much security you're looking for but every little bit helps and adding this code shouldn't be too hard. IMO email verification is not enough.

Usually simply requesting the email of the user, or the login even, and then emailing them the password is sufficient security. The user should get the email, if their email address has been changed without their knowledge, their account has already been hacked.

If you don't store their email address... well you should. It can be an invaluable resource at times, and is easily the simplest way to give people forgotten passwords

Another option that some people who like better security might like is instead of "what is my password" a "password reset" where it asks them for login and email, sets their password as some obtuse unique ID, and emails it to them, they can then log in and change it. This prevents someone from somehow hacking into someones account on the backend (or simply sitting at their computer where their password may be remembered) requesting the password, opening their email, and then knowing their common password that they use for 2 dozen sites.

You could look at other websites that have the feature.
take a look a phpbb they have the feature.
this site might even have it, I don't know because I have it bookmark for java

nomad

Wrong.
Yes, anyone could request the password, but the password would be sent to the owner of that password - not to any randomly given email address.

I'm not stupid ;)