Need forgot and change password script

  • matheussousuke
    New Member
    • Sep 2009
    • 249

    Need forgot and change password script

    Hi, guys, I'm developing a script and it's almost done, just left two little things:

    Forgot password option
    Change password option

    About forgot password: The user can use as many user names under the same email address, so the system needs a way to send the password to the user's email when the user types the user name in the forgot password field.


    I'm running it under php 4, so don't worry if u see a $HTTP_POST_VARS . :)

    I'll post the register.php script here, so u can see how the functions work and other stuff :)
  • kovik
    Recognized Expert Top Contributor
    • Jun 2007
    • 1044

    #2
    When creating a "forgot password" option, it should *not* be possible to send them their password. To be able to send them their password means that their password exists in your database in an unencrypted form. If anyone were to ever get access to your database, they'd have access to every user account.

    Encryption adds another layer of protection. In order to take advantage of it, use an algorithm that encrypts the password, saves it in its encrypted form, and then you will always check the encrypted version of the user's inputted password against the encrypted password in the database. There are many ways to encrypt passwords and many methods to increase the security of these against hacking tools (i.e. rainbow tables), but going into them would take a lot of time. PHP has an md5() and a sha1() function that can get you started.

    In order to help users that have forgotten their password, give them some sort of way of verifying their identity (i.e. security questions), reset their password to a random string, and send them the new reset password. Or, to avoid needing security questions, add a separate field to your table for their new reset password while retaining the old password, just in case they remember it after they have been sent an e-mail with their new randomly generated password. Of course, retaining the old password is not required, but it is convenient for when a hacker tries to invoke the "forgot password" function on someone's account and the user is unaware of the password change. In this method, you'd also remove the new password if the user logs in successfully or changes their password.


    Speaking of changing passwords, that is the next thing that I will address. A change password function is easy, comparatively. Basically, make sure the user is already logged in. Then, give them a form with 3 fields: current password, and 2 fields for the new password. Check the current password, make sure the two new passwords fields match each other, and then change their password to the new password.

    Easy. ;)

    Comment
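The flow kovik describes in post #2 (hashed storage, a separate reset-password field that leaves the old password working, and the three-field change form), as an added example that is not part of the original thread. It assumes PHP 7.1 or later rather than the PHP 4 mentioned in the first post, and uses password_hash()/password_verify() in place of the md5()/sha1() functions named above; the function names, the in-memory array standing in for the users table, and the one-hour expiry are hypothetical.

```php
<?php
// Added example: in-memory stand-in for the users table (constructed data).
// 'reset_hash' is the separate column holding the hash of the emailed temporary password.
$users = [
    'mat1' => ['email' => 'user@example.com',
               'pass_hash' => password_hash('old-secret', PASSWORD_DEFAULT),
               'reset_hash' => null, 'reset_expires' => 0],
];

// Forgot password: keyed by user name, since several names may share one email.
function forgotPassword(array &$users, string $name): ?string {
    if (!isset($users[$name])) return null;
    $temp = bin2hex(random_bytes(8));               // CSPRNG output, 16 hex characters
    $users[$name]['reset_hash'] = password_hash($temp, PASSWORD_DEFAULT);
    $users[$name]['reset_expires'] = time() + 3600; // assumption: one-hour lifetime
    return $temp; // caller mails this to $users[$name]['email']; only the hash is stored
}

// Login: the old password keeps working; any successful login clears the pending reset.
function login(array &$users, string $name, string $pw): bool {
    if (!isset($users[$name])) return false;
    $u = &$users[$name];
    $ok = password_verify($pw, $u['pass_hash']);
    if (!$ok && $u['reset_hash'] !== null && time() < $u['reset_expires']
        && password_verify($pw, $u['reset_hash'])) {
        $u['pass_hash'] = $u['reset_hash'];         // promote the temporary password
        $ok = true;
    }
    if ($ok) { $u['reset_hash'] = null; $u['reset_expires'] = 0; }
    return $ok;
}

// Change password: the caller has already checked that the session is logged in.
function changePassword(array &$users, string $name, string $cur, string $new1, string $new2): bool {
    if (!isset($users[$name]) || $new1 === '' || $new1 !== $new2) return false;
    if (!password_verify($cur, $users[$name]['pass_hash'])) return false;
    $users[$name]['pass_hash'] = password_hash($new1, PASSWORD_DEFAULT);
    $users[$name]['reset_hash'] = null;             // a changed password cancels any reset
    return true;
}

$temp = forgotPassword($users, 'mat1');             // someone triggers "forgot password"
var_dump(login($users, 'mat1', 'old-secret'));      // owner logs in with the old password
var_dump(login($users, 'mat1', $temp));             // temporary password after that login
var_dump(changePassword($users, 'mat1', 'old-secret', 'n3w-pass', 'n3w-pass'));
```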

    • matheussousuke
      New Member
      • Sep 2009
      • 249

      #3
      Kinda interesting this part
      "In order to help users that have forgotten their password, give them some sort of way of verifying their identity (i.e. security questions), reset their password to a random string, and send them the new reset password."
      , I'm a rookie in php, don't u have any ready made script?
      About the changing password field too.

      Comment

      • Markus
        Recognized Expert Expert
        • Jun 2007
        • 6092

        #4
        Originally posted by matheussousuke
        Kinda interesting this part, I'm a rookie in php, don't u have any ready made script?
        About the changing password field too.
        matheussousuke, you have been here long enough to know that we do not provide a here's-one-I-made-earlier service. When you have a specific question, then we can better help you. Kovik gave you the needed logic for the system, now do your best to implement it.

        Comment

        • kovik
          Recognized Expert Top Contributor
          • Jun 2007
          • 1044

          #5
          Lol, good thing you said it before I did. I've been known to be a bit... Rude, you could say, to ppl that refuse to do work for themselves.

          Anyway mat, if you want it done *for* you, it'll cost ya. Web development is a profession. ;)

          Comment

          • matheussousuke
            New Member
            • Sep 2009
            • 249

            #6
            Originally posted by Markus
            matheussousuke, you have been here long enough to know that we do not provide a here's-one-I-made-earlier service. When you have a specific question, then we can better help you. Kovik gave you the needed logic for the system, now do your best to implement it.
            I know it, I just thought someone could give me a small script, once I already pasted register.php here, or at least show me what variables to use in my pw script. This is a support forum, isn't it?

            And man, don't take life so seriously, u won't get out alive from it anyway ; )

            Comment

            • matheussousuke
              New Member
              • Sep 2009
              • 249

              #7
              Originally posted by kovik
              Lol, good thing you said it before I did. I've been known to be a bit... Rude, you could say, to ppl that refuse to do work for themselves.

              Anyway mat, if you want it done *for* you, it'll cost ya. Web development is a profession. ;)
              Yeah, u're right, gimme ur msn address and we can talk later about that.

              Comment

              • kovik
                Recognized Expert Top Contributor
                • Jun 2007
                • 1044

                #8
                You're right. Life is short. So why waste it writing scripts for ppl who are too lazy to write their own?

                Write your scripts and, when you have questions, ask us to help you with them, not to do them for you.

                And if you want my services, start with a PM.

                Comment

                • matheussousuke
                  New Member
                  • Sep 2009
                  • 249

                  #9
                  Lazy enough for spending 7 hours working for others since 7:00 AM with 1 hour for lunchtime, 1 hour working for himself, more 1 hour for studying PHP and 5 hours for college and college stuff, then the whole hours for another stuff, such as dinner and after, sleep... zzz

                  got class now, see ya

                  Comment

                  • matheussousuke
                    New Member
                    • Sep 2009
                    • 249

                    #10
                    And first rule of business and life: humility

                    Comment

                    • kovik
                      Recognized Expert Top Contributor
                      • Jun 2007
                      • 1044

                      #11
                      If you want to apply this to business, you need to have a product first.
                      I'd suggest you get started. ;)

                      Comment
