PHP Password Reset by Email
ฝัง
- เผยแพร่เมื่อ 19 ก.ค. 2024
- Learn how to create secure password reset by email using PHP, MySQL and best practices.
This is part 2 of Signup and Login with PHP and MySQL:
‣ • Signup and Login with ...
Please consider supporting my channel:
☕ ko-fi.com/davehollingworth
Code shown in the video:
‣ github.com/daveh/php-password...
Relevant documentation:
‣ github.com/PHPMailer/PHPMailer
Videos referenced:
‣ Signup and Login (part 1): • Signup and Login with ...
‣ Sending email with PHP: • Send email with PHP | ...
00:00 Introduction
00:24 How it works
02:09 Starting point
02:17 Forgot password
04:08 Database changes
05:03 Send password reset
08:47 PHPMailer
13:25 Send reset email
14:17 Process link in email
16:42 Password reset form
17:49 Reset password
20:40 Summary
#PHP #MySQL #signup #login #passwordreset - วิทยาศาสตร์และเทคโนโลยี
This is part 2. Part 1 is here: Signup and Login with PHP and MySQL:
‣ th-cam.com/video/5L9UhOnuos0/w-d-xo.html
and part 3 is here: PHP Account Activation by Email:
‣ th-cam.com/video/kC0AIip7Bww/w-d-xo.html
Thanks, really clear coverage of a fairly complex process. 👍
Thank you Dave, I've had frustrations looking for a way out with doing secured password recovery/ reset
Working on my final project and now I added this option to my project, thank you very much
dave is the best of all times in php. His api course is AMAZING. the explanations are beyound the language, you learn the concepts and how implement it in practice
your vid has really helped me a lot in making a good proj. and also thank you for keeping your code free to use
Thank you so much sire always love Your coding and the simple syntax you use to teach special greetings ❤❤❤❤❤
You are indeed a great teacher Dave
Nice explanation, understood instantly, thanks. Suscribed.
Thank you very much. God bless you.
Thank you 😇
Thank you very much Sr. ¡I apreciate all your knowledge!
Shear PHP Coding Wizardry.
Deep appreciation, sir.
Wishing that you would make a video on the things to do to make a website scalable.
Who else has waited for this?
Very good php man
really you are good
thank you so much .
Thanks sir
Perfect ❤❤❤❤❤❤
Thanks for your knowledge and your code I used them in signups and they worked for me perfect. And when are you planning to record a tutorial on how to create avater image
bro plz tell me didi the domains worked correctly
Great content David, part 3 with 2FA with option to enable or disable it?
please in reset-password. php i don't understand if we must put $token_hash in the place of ? in the query $sql="select * from user where reset_token_hash=?"; because i think ? will replace $_get['token']
and in the table user we store reset token hash and not the token
help please
just i want a clarification
thx in advance
Great as always 👍
I know videos are made so that they can be easy to understand but, Maybe It would be better and more practical, instead of using files and require them like: $var = require.....;, we can just create functions in one file and use them everywhere we need. 😊
Yes you're right. I try to avoid adding code that would distract from the lesson being taught in the video, so I keep it as simple as possible, but a different way to organise the code would be better as the codebase builds.
I love his tutorials but he did it in his first video and I was a bit confused. $mysqli = require __DIR__ . "/database.php"; What does this mean. This variable is for the database connection in the databse.php file.
could you please make a video on search algo like in a social media website where we can find people to connect with?
Can you add a video for creating admin roles
Like adding super admin and admin please
really great content, thank you for that. It may be a stupid question but wouldn't it be easier to send the user to the sign-up page and skip the check if the email is already taken? (or just delete the user and let him sign up again)
You could do, but the signup page is more complex than the password reset page, requiring more fields, more validation etc. so it's easier to let them reset their password by just supplying their email. As for deleting the user and letting them sign up again, yes you could do that, but that would require you to do that. Letting the user reset their own password requires no intervention on your part. (much better if you have many users!)
What other related functionality would you like to see? Coming soon - account activation by email!
Maybe a real-life project with clean coding, using API?
Hi Dave, great content! I recently decided to progress to learning Laravel and wondered if this was something you have any experience with, or were planning to cover in the future? Love your courses by the way! Cheers, Adam
please show how to do this exactly with the env file to store the sensitive data externally
@@ahooton Thank you! I will do some Laravel tutorials at some point in the future, yes
@@zmOe1 I just published this: th-cam.com/video/L5E2HSHrDjw/w-d-xo.html
👏👏👏
❤❤
On the mail.php page, specify in the SMTP settings configuration, what is meant by email and password? Is it the one that belongs to the personal gmail, and what is the account added to the host? Please respond as soon as possible.
The email and password are the ones you use to authenticate with the SMTP server. In the case of Gmail, this would be your full Gmail address and application password (you have to create a specific application password to use the Gmail SMTP server)
i was able to update the token but when I click the link sent to the email, it keep says token not found
sir, please help my reset-password.php page not working
mail massage click with example domain show
Such situation I made the reset password structure by your video, the main problem that google account now vanished the opportunity to make less app secure in google/account/security, out there I made password app in 2 factor authentication and use it in my project, but, have been always when try to reset the password, have the same error *SMTP Error: Could not authenticate* , someone speaks it point on incorrect credentials, however, credentials fine 100%, someone speak the structure of the project now does not fit for google requirements and therefore we have always the error, someone know how to resolve it? as long as someone have faced with the same issue ?
Hello dave, i have a problem about your tutorial did you made some clarification or double checking the reset password?, because when i try to submit a form it didn't clarify the confirmation password neither if the password length was correct or have some numbers on it. Please i need to fix this issues.
Are you referring to the client-side or server-side validation?
@@dave-hollingworth i already check the code its just i missed this ';" to insert. thank you for your tutorial I'm still learning about php. 😁
I have a security question:
What happens if an hacker ipotetically puts 0 as the password recovery token?
Would the program recognise it as a valid recovery token and let the hacker change the password of the first entry of an user with a recovery token not set (set to null) or worse change the passwords of all the users with a recovery token not defined?
sorry in advance for the bad english
Good question - the user record is found based on the hash of the supplied token. If you hash "0", you still get a full hexadecimal string. So when the user record is searched for that matches that string, none will be found, and therefore none will be updated. So this shouldn't be a problem.
amazing , if u can help upload photo and can edit it .please
I am trying to reset the "reset_token_hash" and "reset_token_expires_at" to null after I successfully reset my password but the values are not turning null. I checked the database and the code and all were copied perfectly. Is there any idea on how to fix this?
Could it be that the database columns don't accept null values?
Dear Dave, thank you so much for this tutorial. It is great. Very clear explanation and nice voice.
I do have a problem.
When I run your script on my computer, locolhost, everything works fine.But when I FTP it to my site I get an error.
When I klick the send-button, i get: the page could not be processed. HTTP ERROR 500. When I choose another file, (forgotmail.php, ipv send-password-reset.php) it loads the page (forgotmail.php. When I paste the code from send-password.php insode forgotmail.php, iit does not work anymore. Can you understand this?
Kind regards and thank you in advance
A 500 error means an error is occurring on the server - to see error details you need to add this to your code:
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
This will tell you where the error is occurring
@@dave-hollingworth It was a problem with the authorisation ... problem solved. Now it works like charm. Thanks again Dave!
Hello Dave. Everything works properly but the email, it doesn't create an hyperlink but instead write out the whole
You need to set the email format to HTML:
$mail->isHTML(true);
@@dave-hollingworth Thanks brother it works fine now. 🤝
Hello, I've tried everything to get this to work however I'm struggling. I keep getting "token not found' after running the process-reset-password.php. I can confirm that the token is there, on the email and is being displayed in the "hidden" form when visible but still I get this error. I thought it might have been an issue with the hash, and so I have completely removed the hash and the checks for the hash, but I'm in the same boat. Can anyone help?
Try debugging by printing out the values of the token at various points, to see if it's getting lost somewhere. You can also compare your code to the code from the video in the repository.
The Hash Code also created on the php table.I have installed the phpmailer in the composer. But I cannot get the Vendor Folder and Autoload. Sir how can i get the vendor folder also autoload file
Make sure you ran the composer install command from the root folder
Sir please tell how to send email using codeigniter 3
Thankyou for this tutorial I am learning in your videos but is there another way? PHP mailer doesnt work now if you use gmail cause google disabled the function less secure apps in gmail😕
Search for "smtp server" (there are free and paid ones available)
@@dave-hollingworth Im truly grateful for your assistance!
theres an error whenever i click the link on mail:
Not Found
The requested URL was not found on this server.
Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.3.30 Server at localhost Port 80
Check the URL matches your hostname (e.g. localhost, example.com etc.) and the path to the file (/reset-password.php, or /subfolder/reset-password.php etc.) and the filename matches it
Why does mine display "Token not Found" even though the token is correct for the given URL?
Hard to say without seeing the code - try debugging by printing out the values of the $_GET variable etc. at different stages using var_dump
Mine is exactly the same, did you manage to fix this?
I installed composer but it only downloads vendor/phpmailer without anything inside it
Check your file explorer isn't hiding certain files, and you have enough disk space. Also see if there were any error messages when you ran the Composer command
Which IDE are you using?
Visual Studio Code
i got email has already taken on sign up but email doesnt taken
Please have a look at some of the other comments where people have had a similar problem and posted a solution
13:39 it appears: Message could not be sent. Mailer error: SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server Additional SMTP info: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolutionMessage sent, please check your inbox.
Can you guys please help me to fix this problem now?
I extremely appreciate, thank you very much
Message could not be sent. Mailer error: SMTP Error: Could not authenticate.
@@jamestrey3049This is an issue with the SMTP server hostname (e.g. smtp.example.com) or the authentication credentials (the username and password you use to connect to the server)
@@dave-hollingworth Yes, I already changed its statement. But eventually It appears SMTP Error: Could not authenticate.
Please help me
Do you mean the password we use is the app password of Google?
@@jamestrey3049 If it's saying you could not authenticate, this is usually a problem with the username and password. If you're using Gmail, this will be your email address and application-specific password.
Message sent, please check your inbox. but not sending the message. What is the errors..?
Try adding this to your code before the redirect happens:
$mail->SMTPDebug = 2;
exit;
This will show the debug errors from the SMTP server.
I'm now getting this
"Message could not be sent. Mailer error: SMTP Error: Could not authenticate.Message sent, please check your inbox."
Is it a firewall issue with smtp server?
Hi sir, i tried and success to run it but after a month a open it got this error. can you help me please? Fatal error: Uncaught Error: Call to a member function setFrom() on int in C:\xampp\htdocs\fyp\send-password-reset.php:28 Stack trace: #0 {main} thrown forgot password
What is on that line of code? (line 28)
I saw my smtp account is disabled restricted access just now, is it the issue why I got error?😮
Hmm I write the code for u just now but I don't know why it didn't show here...
@@sakuralee9800 Try putting the code on something like pastebin and posting the URL here
@@dave-hollingworth I can fix it already, thank you sir 😁
Hello Dave.
First, thanks for your lessons. They are great!
For me, the reset-password.php file does not work on my domain, PHP version 7.4
Reports an error: Failed to load resource: the server responded with a status of 500 ()
An error occurs when executing this line: $stmt->bind_param('s', $token_hash);
PHP 7.4 no longer receives security updates, I recommend updating it as soon as you can. A 500 error is an error on the server - see this video on how to see the actual error message: th-cam.com/users/shortst6KpIfHPFGw?feature=share
Thanks for your reply. It didn't help me. If I change the PhP version, then other things don't work for me. I am not familiar with PhP. The above error occurs when executing this line:> $result = $stmt->get_result();@@dave-hollingworth
Can you suggest an alternative method ?
how to set up composer?
Follow the instructions for your operating system here: getcomposer.org/doc/00-intro.md
Hii how to download vendor/autoload.php please give me link
This file is generated automatically when you install packages using Composer
@@dave-hollingworth im saving the same issue it didnt load in the vendor/autoload.php idk what to do here
@@flavoredtears3898 When you run the "composer install" command, it will create the vendor folder in the same folder you run it from - check the output of that command to make sure there were no errors
Message could not be sent. Mailer error: SMTP Error: Could not authenticate.
What is the problem?
Check the user and password you're using to authenticate with the SMTP server
Getting the same error, as far as I know my username and password for the SMTP server is correct as well as the settings for the SMTP server. Can I ask what server you're using? Or if you fixed it?
@@Doyleur the same as on the video, but i didn't fix it :
@@Doyleur I use mailgun. You can always try the SMTP settings in a regular email client (e.g. Thunderbird) to see if they work there
Where is Autoload.php
In the vendor folder
Hi @dave-hollingworth. In the last step of the "process_reset_password" I'm comming across a following problem: Fatal error: Uncaught Error: Call to a member function bind_param() on bool in C:\xampp\htdocs\TCC\TCC\process-reset-password.php:39 Stack trace: #0 {main} thrown in.
Could you help me to solve it out!?
This means $stmt contains false - check the SQL is valid
@@dave-hollingworth thanks Dave, I’ve found the error 👍
thx a lot all work well however the only problem for me is when i click on signup and i write name ,email,...and i click send always show me this message:email alreay taken although the email is not used so in this case i insert manually id,name,email..into the table user and i succeed to do all the other things.
help please
thx in advance
Try adding this line:
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
@@dave-hollingworth you know i went to cafee and now i return to my laptop and i try again however in this all works well without adding anything thx very much best friend
Hello dave, thank you for the great video however, It shows here that in my code
Warning: Undefined array key "email" in C:\xampp\htdocs\dms\send-password-reset.php on line 3
pls help me
What code is on line 3?
Fatal error: Maximum execution time of 120 seconds exceeded in C:\xampp\htdocs\projects\test\template\demo\vendor\phpmailer\phpmailer\src\SMTP.php on line 1269
please I am getting an error, Message could not be sent. Mailer error: SMTP Error: Could not authenticate. Massage sent, please check your inbox
Check the username and password you're using for your SMTP server
thanks you are the best@@dave-hollingworth
send-password.php code its not working its not updating reset_token_hash and the reset_token_expires_at any help ?
Do you get any error messages? Try temporarily stopping the script before it redirects so you can see them
Thanks for your reply , i really appreciate your Code the problem was at the DB Connection yours is a Prepared statement mine was a Normal connection , what do u think Prepared Statement is more secure or both are good , also there was an bug at your Register Process the client can use someone elses data to register for example you forgot to prevent duplicated inserts :)@@dave-hollingworth
please in reset-password. php i don't understand if we must put $token_hash in the place of ? in the query $sql="select * from user where reset_token_hash=?"; because i think ? will replace $_get['token']
and in the table user we store reset token hash and not the token
help please
just i want a clarification
thx in advance
i think this :
$stmt->bind_param("s", $token_hash);
in the script reset-password.php will put $token_hash in place of ?
so because i don't know this ligne of code
do you confirm me?
thx in advance