This was such a good tutorial, thanks! You should consider adding email validation (for new registrations) and a function for the user to change their password. Also, your password reset overwrites the user's current password, which a malicious user could abuse to frustrate the account owner. I think your tutorial gave all the required info for me to add those features myself though. Much appreciated!
Thank you. I have a tutorial on my website of a login system with email verification. Check it out: digitalfox-tutorials.com/tutorial.php?title=Coding-a-registration-system-with-email-verification-using-php-and-mysql As for the password reset action the malicious user has to know the registered user's email. But it gave me some thought.
Now I'm watching this video for the second time and giving it a better thought. Instead of creating the password and sending it, I would just send a link to a password creating page. In that page, I would take the new password, generate the hash and then direct the user to the login page. Additionally, I would build logic into the function that if the password has already been reset, a message would inform the user about it. So the password would not be accessible in the user's inbox, nor the reset link could be used more than once. That would force a bad actor to access the victim's inbox again, which may fail due to actions taken by the email service provider or the user themselves later on.
Can you add a link for the user, and when he logs in, a page appears: Enter the new password and confirm the password. He is the one who changes the password.
You have to learn writing classes, but it's a good idea for a future tutorial. Thanks. I have something similar, but it is one of my early videos with no voice over only subs. Check it out. th-cam.com/video/HyyAg0cI5N8/w-d-xo.html
This was such a good tutorial, thanks! You should consider adding email validation (for new registrations) and a function for the user to change their password. Also, your password reset overwrites the user's current password, which a malicious user could abuse to frustrate the account owner. I think your tutorial gave all the required info for me to add those features myself though. Much appreciated!
Thank you.
I have a tutorial on my website of a login system with email verification.
Check it out:
digitalfox-tutorials.com/tutorial.php?title=Coding-a-registration-system-with-email-verification-using-php-and-mysql
As for the password reset action the malicious user has to know the registered user's email. But it gave me some thought.
Excellent.
Now I'm watching this video for the second time and giving it a better thought.
Instead of creating the password and sending it, I would just send a link to a password creating page. In that page, I would take the new password, generate the hash and then direct the user to the login page.
Additionally, I would build logic into the function that if the password has already been reset, a message would inform the user about it. So the password would not be accessible in the user's inbox, nor the reset link could be used more than once.
That would force a bad actor to access the victim's inbox again, which may fail due to actions taken by the email service provider or the user themselves later on.
Can you add a link for the user, and when he logs in, a page appears: Enter the new password and confirm the password. He is the one who changes the password.
Yes that's easy but the problem is that i can not update the current video. Maybe i will make a new one.
have you uploaded that part Sir?@@DigitalFox-tutorials
Thank you
Do a how to change password once logged in?
Good idea
@@DigitalFox-tutorials I'm not that experienced, but I assume it's fairly simple.
@@ABDTalk1 Yes it is, i will try to make a video on it.
Hi Im in local host I keep getting failed to connect to mail server at local host port 25 verify your SMTP or use ini_set() in functions
How do I create such a system with php oop
You have to learn writing classes, but it's a good idea for a future tutorial. Thanks.
I have something similar, but it is one of my early videos with no voice over only subs. Check it out.
th-cam.com/video/HyyAg0cI5N8/w-d-xo.html
The new password is not sent through email.
Is the email delivered without the new password? Or is it not send at all?