How To Create A Forgotten Password System In PHP | Password Recovery By Email In PHP | PHP Tutorial

Captions
Okay, so in this episode you can learn how to make a forgotten password system inside your website. This is sort of continuing off a previous episode I made on how to create a login system, so I'm gonna go and leave a link for that in the description if you haven't learned how to make a login system. It kind of goes that you need to learn how to create a login system in order to make a forgotten password system, because these sort of go together, but it doesn't matter if it's my login system or if it's one that you made by yourself. Any kind of login system will work for this episode here.

So also be aware that, when it comes to creating a forgotten password system, there's a couple of different ways we can do it. There's essentially, what I can think of, three ways we can do it. The first way, which is a way you shouldn't be using because it's very insecure, is that we simply send a password from the database to the user by email. The reason I'm mentioning this method is because if you ever go to a website anywhere online that simply sends you your password by email, then you shouldn't be using their website for anything secure or sensitive, because it is a very unsafe website to use, because they don't protect your information inside the database. So this first method is not going to work, but I'm mentioning it because if you see it, then stay away from it.

The second method is that we, as the owner of the website, can, when the user goes into the website and clicks on that link that says "I forgot my password", create a new password for the user that we update the database with, and then we send that new password to the user by email. Then they can take this password, log in to the website, and then change the password themselves inside the website, which is sort of a solution we can do, but we sort of run into the, what do you call it, the issue of usability, because most users don't want to get a new password that is a bunch of depressed characters
and then log into the website and change the password again. So most users do want to just be able to have an email sent to them where they can click on a link that takes them to our website, and then they can just simply change, you know, the password inside the website by creating a new one. And that's the third method, which is what we're actually gonna do in this episode. We're just gonna send the email to the user that takes them back to a website where they can just simply write in the password that they want the password changed to. The reason that that method is better is because we allow for better usability inside the website, but this method is also slightly more complicated than the second method I mentioned, and we're going to be talking about something called tokens, which is a new concept to probably a lot of you, but I will try to explain it as well as I can as we go through this episode here. It's not that complicated once you really get into it, but if you haven't seen it before you might get a little bit overwhelmed. But, you know, just calm down, we'll do it together and everything's going to be fine.

So what I want to mention here is the fact that, as you may have noticed, the three methods that I talked about involve sending an email to the user. The reason we want to do this is because sending an email to the user adds another layer of security against the hacker: if a hacker were to gain access to our website and they want to, you know, reset the passwords, then they also need to have hacked the user's email account in order to reset the password. So this is a good way to do it, because they would also need to have access to the user's email.

So now, there's a lot of security things you can do through these sort of systems. This is a basic guide on how to do this. There's always a lot of things you can do; for example, there's something called cross-site request forgery that you could do, which is something that we're not gonna talk about in this episode, but I will
probably have an episode later on in the future that talks about this. Just know this is a basic guide on how to create a forgotten password system that is going to work in the end.

Now, before we get into that, let's talk really briefly about what a token is, because that is going to be one of the major highlights of this episode, which is that we're going to create this token. Now, a token is essentially a one-time password that we create for a short period of time, that we use in order to properly authenticate that this is the correct user who's trying to reset the password. That is basically what a token is. We're basically going to make a new table inside the database that has these tokens in it, and when a user clicks that "I forgot my password" button, we're going to make a, what do you call it, a row inside that table that simply has the information of who's trying to reset the password, and we're going to use that to authenticate the user when they actually reset the password. So that's basically what a token is, in very brief and basic terms.

So let's go ahead and dive into what we're going to do, because I've been talking for a long time now, but I think it's important that you know exactly what you're getting into before we get into it. There's one more thing I need to mention: because we're sending emails to the user when they have to reset the password, we're going to be using the mail function inside PHP, the built-in mail function. Now, if you're not aware of this, when you set up a mail function using PHP (you might have done it before using just a basic contact form) you might have noticed that in a lot of cases the emails don't actually get sent to the person you're trying to send it to, and that's because if we're working on a local version of the website, like I have here, we don't have a mail server running on our computer. You need to have a mail server in order to use the mail function in PHP. When you upload a website to the Internet, onto your server that is online, a lot of times they
will have a mail server on that platform, so you will be able to send emails to yourself inside the website. So if you have a contact form, they can send it to you if you have a, what do you call it, email account set up inside your hosting company. But there's also going to be issues when they send mails out to other people, because you need to have a mail server that sort of takes care of this. So do keep in mind that a mail server is an important aspect in order to actually get the email sent. I will make sure I leave some links in the description so you will have some places to go to to learn more about how to set up a mail server, so check out the description if you don't know how to do this. I do believe you can also use Gmail to set up a mail server, which is kind of cool, so I will also, if that's possible, leave a link for that in the description. I know I've done it in the past, so Gmail is probably an option here, so you can just create a basic Gmail account and set it up as a mail server if that's something you want to do.

But enough said, let's actually go and get into this episode here. What we're going to do is I'm going to show you exactly what we're going to be building. This is my online version of the finished website we're going to build today, and this is my email account inside my hosting company, and because there's a mail server running inside the hosting company, I can send emails to myself. So if I were to go inside the website and sign up, because I honestly don't remember what my usernames were from the previous episode, I'm just gonna go ahead and make something like "test tests" as a username, just going to use my Denny Adam intuitive Nets, what do you call it, email, I'm gonna use a password which is going to be one two three, one two three, sign up. Now if I were to say, yikes, I forgot my password, then what I can do is I can go into my signup page; at the bottom here it says "Forgot your password?". Again, you can put that link anywhere inside your website. I put it inside my
signup page, that's just my personal choice. So I'm gonna click it, it's gonna take me to a page that says "Reset your password", and then I can type in my email address, it was the one called Danny Adam intrude studnets, then I can receive a new password by mail. So I click it and it says "check your mail". I'm gonna go to my webmail, just refresh it, and there I have a link. So if we were to click it... I am going to just copy the link that is in here. Again, the reason that this isn't very pretty to look at, and it's not an actual link you can just click on, because you might want to have that, is because this specific mail server, or this mail inbox that I have here, doesn't really allow for real links, so that's why I have to sort of, you know, drag over and highlight it and then paste it inside the browser. So don't worry about that, you will be able to actually click a link in this episode here.

So if I were to go to the link right now, we do actually have a token activated inside our database. Just in case you didn't know, when we sent the email to us that token was created, and it's still existing for a limited amount of time, because you don't want a token to exist for too long, and you also want to make sure you never have more than one token active at once, at least per user inside the website. So anytime you're done with a token and you have reset the password, you need to delete the token again, so that's important. So in here I can just write my new password. Last it was one two three; this time I'm gonna go and say test one two three, test one two three, reset the password: "Your password has been reset". So if I go up to the top here, I can go and say, well, my username was "test tests" and test 1 2 3, and if we were to log in, you can now see it says "You are logged in". So I reset my password using my basic system here.

That was the demonstration. I will go and leave timestamps in the description so you can skip forward if you need to, just in case
you need to know. So what we're going to do now is I'm just gonna go into my local version of this website. I'm not gonna work on it online, because then I need to upload the files each time I make a change to it, so I'm just gonna create the website locally and then I'm gonna upload it online afterwards, so that's probably the easiest way to do this. I know it's possible to set up a local mail server, but it's not something I want to get into in this episode here because it takes a little while.

Let's go and just dive into what we have here. Right now I'm inside my signup.php file. Again, if you made a different login system than my previous login system tutorial, yours might look different. What I have here is just my previous login system signup page; it is essentially this page here, so there's not a lot going on inside this page. So what I'm going to do is I'm just gonna create a basic link and I'm gonna send it to whatever page I want the user to be able to reset the password in. So we're just gonna go ahead and link it to a new page that we haven't created yet inside the website. This is going to be an actual page inside the website, so I'm going to create a page that I want to call reset password dot PHP, and then I just need to include some text in here, so we can say something like "Forgot your password?" and that's basically it. So we can go and save what we have here, and then we're just going to create a new file, which is going to be the new page, and I'm gonna go and save that inside my root folder, so I'm just gonna save it as reset password, it was called reset password dot PHP.

Okay, so now we have this new file, and what we're going to do in here is we're going to create just that basic page that I showed you guys inside my website here. So when we click "Forgot your password?", this is what we're going to create, so it's not going to be that complicated. So going inside this page here, I'm just gonna go and
copy/paste what we have from inside the signup page, because we need something that looks identical, and I'm just gonna go and delete everything inside my main section here that I've included to include content. So I'm just gonna go ahead and delete what we have here. There we go, so we just have some basic containers, and what I'm going to do is I'm just gonna change the title, because it needs to be called something else. I'm gonna call this one "Reset your password", and then below here we're going to include a paragraph, because we need to explain to the user what they need to do. In a lot of cases we do need to do that, otherwise the user doesn't understand. So I will say, I'm just gonna copy my text over here from my cheat sheet, because I do have my cheat sheet over here from the online file I showed you: "An email will be sent to you with instructions on how to reset your password". Just something basic.

Then below here we're going to just create a form. I'm just gonna go and delete the classes for now. I'm not gonna do any styling, because that is something that you guys should know how to do. Again, in my login system tutorial, even though I mentioned it, styling is not something we're going to be doing in this PHP series. It's something that you should know how to do by now, and it's something that just takes up time in these episodes, which are already going to be quite long, so styling is not going to be something we have in these episodes; you should know how to do it.

So now that we have the form here, I am going to go ahead and set a new action, because we're not going to send them to the index page. Instead I'm going to send them to, or at least I'm gonna send this information inside this form to, a separate file that is just going to have PHP scripts inside of it. So in my personal websites I like to have what are called include files inside a separate folder. When you have files inside your website, you have regular pages like the signup page, the front page and that sort of thing, and then you also
have files that don't really get shown inside the website but have PHP scripts inside of them to just run, and you don't ever see them inside the website. I put these files inside a separate folder, to have some system, inside my root folder, called the includes folder, and I have a special way I name these files, so don't get confused about me putting them inside folders and naming them a little bit weird. So I'm gonna go ahead and call this one reset request, and so far there's nothing weird about the naming, but then I'm gonna call it dot inc dot PHP. Don't get confused about the dot inc part; I could also just have called it reset dot PHP. It is just for naming purposes. This entire thing here, again, people keep asking me in the previous episodes, this entire thing here is the name; the dot inc is not the extension, it's just a name, dot PHP, which is the extension. Okay, there's nothing hocus-pocus going on here.

The method is going to be set to POST, and then we're going to have one input inside the form. So we're going to set an input; the type is going to be text, because we want them to write their email so we can actually send them the reset thing to the email. So we're going to set a name that is just going to be email. We're not gonna have a value, but we're going to have a placeholder, because we don't want to fill everything in for them. Then we can write something like "Enter your email address", so we can say "Enter your e-mail address..." I think this is correct, two d's, and then we're going to include a button. It might be one d, I'm a little bit unsure about it. Now we're going to set this one as a submit type, and I'm gonna go ahead and set the name to, let's go ahead and set this one to reset request submit, just to have a name for it. Now, this name here we're going to use to actually check if the user entered the next script that we're going to open up in the correct way, because you can go inside the URL and just go ahead and enter any sort of
include files by going inside the includes folder and then accessing these script files. We don't want the user to do that, so that's why we want to include this special little name here. So inside the button we're just gonna go and say "Receive a new password by mail", by email, there we go.

So now that we have this, we just need to create this file called reset request dot inc dot PHP. So we're going to go up inside our text editor, create a new file, and I'm gonna save it inside my includes folder as, like I said, it was called reset request dot inc dot PHP, if I believe that was correct. I'm just gonna double check... yes, that is correct. And in here we're gonna go ahead and set up the code that is going to send the email to the user, and we're also gonna go ahead and create the token inside of here. Now, this specific script is going to be the most complicated part about this episode, so you've been warned ahead of time. Once you're done with this and you understand it, then you can breathe lightly and think, okay, that was the hardest part.

So in here we're going to open up the PHP tags. I'm not gonna close the PHP tags, because there's no need for that if you have a pure PHP script file; because there's no HTML coming after, we don't have to close it. A lot of people ask me about that. And I'm gonna go ahead and do an if statement that checks if the user entered this page correctly by actually clicking this reset password button; that was what I was talking about before. So inside the if statement I'm gonna check if something is set, which in this case is going to be a name attribute from inside the form, called reset request submit, if I was not mistaken. And we don't need to just include it like that; what you actually need to do is just copy it and make sure we check for a POST method called that specific thing. So there we go. Now that we did this, everything that is inside the if statement is going to be shown if the user did enter this page correctly. We could also, just as a safe precaution, if the
user did enter this page incorrectly, send them back to the front page. So we're just gonna go and say else, header, and then say we want to send them to a location, which is going to be dot forward slash, because they're going back a folder inside our root folder. Again, if you didn't include these files inside an includes folder, you don't need to include dot forward slash. And then we're gonna send them to index.php.

Okay, so inside of here, the first thing we're going to do is we're actually gonna go ahead and start with the tokens before we do anything else. Now, a token has to be made cryptographically secure, and we have PHP functions that are built into PHP to help us do that. The newest ones as of this video here, we're going to be using a couple of functions, one called random_bytes and one called bin2hex. Now, random_bytes is going to generate random bytes that we can use for creating this token, which is going to be cryptographically secure, and then bin2hex is going to convert these bytes to a hexadecimal format that we can use inside a link, because when we send a link to the user by email, the token is going to be part of that link, and it has to be something we can actually insert into the link, which, you know, bytes is not something we can really do. So that's how we're going to do that.

So we're just gonna start by creating a variable called selector. Now, something I didn't talk about is the fact that we are going to have not one but two tokens. We're going to have one token that we use in order to actually authenticate that this is the correct user. Then we're going to have a separate token that we're going to use to look inside the database, to actually pinpoint the token that we need to check the user with when they get back to our website. Because I separate these two tokens (we could use the same token for both of these functions, but because I use two different tokens) we avoid something called timing attacks, and timing
attacks are a way for a hacker to brute force their way into our website, so this is going to help with that. I'm not going to get too much into timing attacks, because that's a separate subject, so just know that this is for safety we're doing this.

So we're going to create a selector token, which is going to be, again, we're going to create random bytes, so we're going to use the random_bytes function we have inside PHP, and we're just gonna go ahead and generate eight bytes. Now, with this, we're going to convert this to hexadecimal format so we can use it for later, so I'm going to say we have another function called bin2hex. And again, once you do actually get the token and we have to authenticate the user later on, when they do try to reset the password, we need to convert this back to binary, so hex2bin, which is another function we have, but we're going to use that later.

So now that we have this, we can actually just go ahead and, well, we shouldn't copy-paste, because we don't need the second function in here, and we're just gonna go and create another variable. We're gonna call this one token, which is going to be the one that actually authenticates the user, to make sure this is the correct user. We're gonna set this one equal to random_bytes, and this one has to be slightly longer because this needs to be secure, so we're going to say 32 bytes. So now we have two tokens that we're going to use for later.

We're gonna go ahead and go down below here, and the next thing that we're going to do is we're going to create the link that we're going to send to the user by email. So what I'm going to do here is I'm going to say we have a URL. Now, depending on your website, this is going to change, because my website is called mm2 tips, so I have to use that as part of my link. Go ahead and make your link into your website, so change it accordingly here. I'm going to go ahead and set this one equal to www.youtube.com forward-slash forgotten password. Again, this is
just because I have a folder inside my online version of my website called forgotten password, where I inserted this episode, so you might not need to have forgotten password as part of your URL. Just write your URL, that's essentially what I'm saying. This entire first part here is just my URL for my website; you need to change that. Then after the forward slash here at the end of your URL, we're going to go ahead and refer to a page called create-new-password, which is a page we haven't created yet inside our website, dot PHP.

Now, when we send the user here, we do also want to include the tokens, so inside the link here what I'm going to do is I'm gonna go ahead and include, first of all, the selector token, and then afterwards the regular token that we're going to validate the user with. So we're going to say we have a selector GET method inside the URL, well, we can grab it using a GET method, and we're going to set this one equal to the selector we just created up here. Now I'm just gonna go ahead and say I want to include some PHP, there you go. I know you can just include variables when you use double quotes, but it's a habit of mine to do it this way, so that's how I'm gonna do it. Make sure you close off the double quotes here, because that's important, otherwise you can add PHP as part of the string. And then afterwards I'm going to say "and", we have a validator, if I can spell that, that is going to be set equal to, again, another piece of PHP code, so I'm going to say I want to set it equal to this token up here. But in this case here we want to make sure as well, because you might have noticed we didn't convert this to hexadecimal format up here, and that's because I want to, later on inside our script here, include the token inside the database without converting it to hexadecimal. So this token is not going to get converted to hexadecimal until we get down to create the link down here, so we're going to use bin2hex and then put it inside the parentheses here. There we go,
so now this URL is actually something we can use when we send it to the user.

Now that we did this, the next thing we need to do is we need to create an expiry date for our token, because like I said, a token should not be something that is allowed infinitely inside the website. When you go to any kind of website and you ask to get a reset password sent to your email, it's going to deactivate after maybe 10 minutes or 30 minutes or an hour. A lot of people would say an hour would be too much, but that's what we're going to go for in this episode here. So what I'm going to do is I'm going to go and create an expiry date, so I'm gonna say expires as a variable, then I'm gonna go and set this equal to the date method we have inside PHP, and I'm gonna go ahead and set it to a "U" format, which is just going to give us a generic format for the date that we have today, and then I'm going to add an hour to it, which is going to be in, I believe, seconds, so we're going to say we want to add 1800 to it, because then when we insert this into the database as the expiration date, it's going to be one hour ahead from now. If I were to do that right now, it's going to be one hour from now, and then when they get back to our website to actually reset their password, we need to make sure that the date is not past what we inserted into the database. So that's the basic idea here. So we're just gonna go and add this right here. Let me just go and move everything down so you can actually see what's going on here. There we go.

Okay, the next step is that we need to actually set up the token inside the database, because we need to not only create the URL we're going to send to the user, but we're also going to have the token inside our database. So what I'm going to do here is I'm going to go inside my localhost, access my database, and inside my database what you're going to do is you're going to go ahead and create a new table. So select your database, go inside the
SQL tab, and we're gonna go and create the new table in here. So in here I'm going to create a table called password resets, and this password reset table is going to have the two tokens we're using for this episode here. So I'm going to say I want to create a table, let me actually zoom in because you guys can't see anything of what's going on in here: create table PWD resets, parentheses, semicolon. I'm just going to move this down on separate lines, there we go. And in between here I'm going to go ahead and create an ID column, which is going to be called PWD resets ID, and I'm going to set this one to an integer and have maximum 11 characters. Then I'm going to set this one as the primary key, also auto increment, to make sure it increases by itself, auto increment, and we're gonna set it to NOT NULL. There we go.

Then I'm going to set a password reset email, because we need to also store the email of the user that is trying to reset their password, so we're going to do that as well. I'm going to set this one to a TEXT type, and I'm gonna go and set this one to NOT NULL. Make sure on the last line here you don't include a comma at the end, but on all the other lines make sure you include a comma, because a lot of people get that error too when they write me in the comments section. We're going to create one called password reset selector, which is going to be the first token that we created inside the code, so this is going to be the selector one. We're gonna set this one to TEXT as well, NOT NULL. Next line, we're going to set the actual token that we're going to authenticate the user with, so we're gonna say password reset token, and then we're going to set this one to LONGTEXT, just to make sure it can get as long as possible. Again, there's a lot of different data types you could set it to; I'm just gonna set it to LONGTEXT here. And password reset expires, which is when the token should expire and the user should no longer be able to use it, so that's going to be the last we have here. So password reset
expires, and then we're going to set this one to TEXT, of course NOT NULL, and there we go. So now what you want to do is you want to actually run it inside the database, so we actually have it inside the database. Now, once you're done here, I don't know if you know how to upload a website to the internet, but once you upload your website to the Internet, make sure you export the database. You can actually... now, I would typically run it, but I do think I have it inside my database already, so let's just go back here... actually no, I don't have it, so we could actually just do that. Just go ahead and run it, there we go, and as you can see we now have a password reset table as well that has no data inside of it. Now, when you upload your website to an online server, make sure you export the database and import it into your online version of the website's server database, as it's called. Make sure you do that.

So now that we have this, you have everything you need to have inside the database, and we can actually continue inside the PHP code. So the next thing we need to do in here is that we're going to go ahead and insert this inside this table we just created. So the next thing we're going to do is go to a couple of new lines, and we're gonna go ahead and connect to the actual database, because we haven't done that yet, and I don't want to do it until we actually created all this here. So what I want to do is I want to say we include, well, we could say we require; these basically do the same thing, it's just that we can choose to include an error message with one of these and we can't with the other, so they do much the same. Require DPH dot inc dot PHP, which is the name of my database connection file, which I have inside my root folder. Just to show it, because that's probably pretty important for you to see, I'm just going to find it here, it's somewhere... ok, so this is my database file, and as you can see it's very basic, with just basic information about
the database, you know, so we can connect to it, and then we just simply connect to it down here. Now this variable, which is equal to the connection to the database, is what we need to grab in order to do what we need to do inside our file. So I'm just going to go back inside the file here and close off the require statement, and then what we can do is we can actually go ahead and fetch the information from the form that sent us to this specific file here, because we haven't done that yet, and that's the very first thing you should probably do, but I chose to do it later. Again, you can do whatever you wish to do; I'm just going to follow what I do here and you'll be fine. I'm gonna set up a variable called user email, and I'm gonna go ahead and set it equal to a POST method, because that's the method we used to send the data to this file, and I'm gonna go ahead and include this, actually, make sure we don't use a colon but a semicolon, and then in here we just simply include the POST name that we included inside the name attribute inside the form. So in this case it's the email we're trying to grab, so I'm just gonna write email, because that was the name that we used right here.

Now what we need to do is we need to actually delete any existing entries of a token inside the database. That's the first thing we need to do, to make sure that there's no existing token from the same user inside the database. If the user tried to reset the password, let's say, 20 minutes ago, then there might still be a token inside the database if they didn't reset that password already. So if they try to send the, what do you call it, the email to themselves twice without resetting the password, then we're going to have multiple tokens, and we don't want to have that. So we're going to, first of all, access the database and delete any existing tokens from this specific user here. So I'm going to create a SQL variable that's going to be set equal to a SQL string. I'm actually going to scroll down here so we can
actually see and it's going to be a delete statement so we're gonna say we want to delete from password reset which is the new table we just created where password reset email is going to be equal to question mark because we want to use prepared statements here so we're not going to insert any data directly inside our SQL statement we want to do that separately because otherwise you don't make a secure system here next thing we need to do is we need to create a prepared statement so we can actually do this we're going to create a variable called stmt which is statement and we're going to go ahead and initialize a new prepared statement using the connection from our database so we're going to say mysqli and this is a MySQLi way to do it if you want to do it using something else then do that this is going to be using PHP MySQL functions just so you know that I'm going to say underscore stmt underscore init for initialize and then we just need to initialize the connection from inside the database file which we linked to up here right there and that is going to be the variable conn variable we have in there now that we have this one the next thing we need to do is we need to prepare the prepared statement to get it ready and we're going to prepare it with this SQL statement that we wrote just up here so going to say we want to first of all create an if statement because we might as well check for an error while we do that at the same time so I'm going to say if we do not get a proper prepared SQL statement if it fails and can't be done then create an error message if it does succeed then we're going to have an else statement that continues the script in here so I'm going to say if we fail a mysqli underscore stmt underscore prepare with first of all the statement that we created up here so we're going to say variable stmt and the SQL statement there we go then go ahead and create an error message and again you can create
any sort of error message I'm just going to go and echo out something you could also send a user back to the whatever page inside the website I'm just gonna go and create an error message here says there was an error there we go and then I'm just gonna go ahead and exit my script here just to make sure we don't continue it there we go but if it does actually succeed then you want to have an else statement now a person asked me why do I always check for errors before success inside these sort of things simply because if we check for success first then we often forget to check for errors afterwards so checking for errors first is also important but we sometimes get hung up on the fact that we just want to finish the script so we forget to do error messages so that's why I do that afterwards here we're going to go ahead and actually execute this SQL statement inside the database so we're going to say want to run a mysqli underscore stmt underscore bind underscore param which means that we're simply going to tell it what the question mark is going to be replaced with before we execute the statement and in this case we want to replace it with the actual data that we got from the user which is up here just grabbed it right before we started doing this so what I want to do is the first of all want to say we have a statement and we also have a parameter that is going to be as specific or not a parameter but we're going to have some data that's going to be a specific data type in this case I'm just going to set to s which means it's going to be a string data type and we're just gonna have one so we just need to have one s and then I'm gonna go and link to the post data that we grabbed up here so now we have the data and we bound it with the statement so all we need to do now is we need to execute it so we're gonna say mysqli underscore stmt underscore execute and we're just gonna go and execute the statement there we go so now we executed it
and we deleted any sort of entries from inside the database that might have included this specific user and a token so the next thing we're going to do is we're going to go down to the next line down here now people complain about me nesting all my statements within each other so we could essentially continue the script inside this else statement a lot of people thought that was unnecessary and clunky so we're not gonna do that anymore apparently so I'm just gonna continue below here and the next thing we're going to do is we're going to go ahead and actually like I said insert the token inside the database so I'm going to create a new SQL variable and I'm going to set it equal to an insert statement so we can actually insert the data into the database so we're going to say insert oh this actually include double quotes first and the semicolon at the end here then I'm going to say insert into PWD resets and then I'm going to include the data and values there we go just gonna include a semicolon at the end here we could also do that up here that would actually be the normal thing to do so let's go ahead and do that so in here we're going to first of all write down the names of the different columns you have inside the database just gonna fetch them from my cheat sheet here so I can just read them out the first one is going to be password reset email now again we already included an auto increment to the first column inside the database so we don't need to include that in here it was done automatically so we don't need to do that the second one is going to be the password reset selector so I'm just gonna paste again and then change it to selector and make sure I spell it correctly otherwise we're gonna get errors then we're going to go to the next one and say password reset token capitalized and then the last one is going to be the password reset expires there we go then the values are going to be what we have from inside what we call inside our script here but for
now we're just gonna go and include placeholders because like I said we want to use prepared statements to make this secure so we need to have four prepared statement placeholders there we go so four question marks now we just need to do the exact same thing as up here so I'm just gonna go and copy paste a lot of the things that we have up here so I'm just gonna say we have the if and else statements that is gonna come right afterwards and we're gonna still check for this error here if we can't in fact run this inside the database because if not it's going to give us an error and inside the else statement we're going to change a couple of different things before we execute it first of all we need to hash some of this information here because we shouldn't insert any sort of sensitive data inside the database without protecting it first in this case here the token is very important that if a hacker were to gain access to our database that they can't just read the token out loud so we need to do some kind of hashing method in order to hash it now you could use something that's not as powerful as what I'm about to use but I'm just gonna use this one because that's the one I always use when I hash something and insert into the database so we're going to use just a basic bcrypt method that always updates itself so I'm just gonna go and say we have before we run the statement down here a variable called hashed token I'm gonna set it equal to password underscore hash parentheses and then I want to include what I want to hash in here so in this case it's going to be the token that I'm going to grab from up here and that's why we didn't convert it to hexadecimal yet because I want to make sure we could insert it inside the database down here and then afterwards I'm going to tell I just want to use the default really called hashing method so we're going to say password underscore default so now that we have this we can actually use this data to include inside the next statement down here now
we do have four different question marks or placeholders inside our SQL statement so we do need to have four different string s's inside our function down here then the first one we're going to include down here is going to be the user email again because that's part of what we need to insert here and then we want to include the selector which we have up here just gonna go ahead and grab that one so we have a selector I'm gonna paste it in then we're going to insert the hashed token that we just created and then the last one is going to be when it sort of expires so we're going to grab the expiration date here there we go so now that we have this we just simply run this and now we have a new token inside the database so that's all we need to do here so what we did now is we finished all the actual database stuff so it's a good idea to close off what we have here so going below I'm just simply gonna go ahead and run a mysqli underscore stmt underscore close to close any sort of left out statements and then I'm just gonna go ahead and copy paste a statement in here because we want to make sure we close this specific statement and then we're gonna go and close the connection because I don't want to have an open connection running even though it's proven that this new MySQL ions got closed it does really matter if you close it or not but it can do something about resources inside your website so just to do it we're just gonna go and make sure to close any sort of connection here so we're gonna say closed parenthesis semicolon okay so now that we have this all we need to do is send the email so we're going to go down a couple of lines and we're gonna get started on sending the actual email so first we need to say who do you want to send the email to so we're gonna set it inside a variable I'm gonna send it to the user email because that's the one that gave us that we need to send the reset password to so just gonna use that one then I'm gonna go below here and I'm going
to create the subject if I can spell that subject and I'm just gonna go ahead and write something that is going to be the subject when they receive the email so in this case here just gonna copy paste what I have here I'm just gonna write reset your password for mmm toots I could say haven't touched up net if it had to be that obvious going to the next line here we're going to create the message that is going to be sent to the user I'm just gonna go and write this out with you so we can understand what is going on here I'm gonna go ahead and say we have a message variable that's going to be equal to single quotes semicolon then inside of here we're going to include HTML as well because we can do that if we set up the headers section of this email correctly so I want to include a paragraph here and I want to make sure that this paragraph says something about let's let me actually go and copy that text and we're just gonna go and paste it in here so we're just only gonna write something like we received a password reset request the link to reset your password is below if you did not make this request you can ignore this email so something very basic along these lines here let me just make sure we close this off properly there we go afterwards we need to make sure we continue this message here and I'm just gonna go ahead and make this little continuation little trick that you can do when you create something using like this variables I'm just gonna go ahead and create a message variable again and then I'm just gonna go ahead and say want to punctuation equal which means that we're going to continue the previous variable we have up here and I'm just gonna go and include another paragraph in this case I'm just gonna copy paste again it's going to say something along the lines of here's your password reset link colon and then it's going to go to the next line and then give the user the link that they can click on in order to get sent back to our website and
reset the password again we're gonna do the exact same thing we're gonna use the same message variable continuation thing and we're just gonna go ahead and include a link this time which is an anchor tag and include the URL that we have from up here that we've just created here we're gonna make sure we include that inside the hyper reference and then we're going to include it inside what we call inside of here in between the anchor tags now some of you might be asking me should we include the tokens inside the visible part of this link here and for that I don't think there's anything wrong with it because the user if this is the correct user it will be the correct user looking at the correct link so it doesn't really matter or not and you can also just right click inside the browser and inspect it using the developer tool and see the link for it inside the anchor tag so in the end if you have a little bit of knowledge when it comes to websites it doesn't really matter or not because they can see it anyways so having this link and closing off the paragraph here do also notice I have a next line thing going on here so we have the link on a separate line we can actually go ahead and include the headers for the email now the headers is a little bit of information that is going to be sent to tell the mail function how we want to send this and which information we need to send with the email so in this case here I'm going to say we have a headers variable it's going to be set equal to double quotes and the first header is going to be who is this one from this email so it's going to be from our website so I'm just gonna go ahead and copy paste it in here I'm going to say from colon then the name of who we are so mm to it in this example to include the email inside a couple of not sure what you call those the pointy arrow thingies I'm not sure what we call them in English and then we're just simply gonna go to a new line by saying backslash r backslash n which is something we use
in order to go to a new line inside PHP so now that we have this we're just gonna go ahead and copy the header paste it below here because we have more headers than just this one and we need to do the same thing because we need to combine the next information into this variable here in here we just include who you want them to reply to if they were to receive the email and then click on the reply button who do you want them to reply to so if they want to send an email back then in this case I want them to send it to my user on toots at gmail.com it could also be the one I used in my example at the beginning of this episode called any ads and then to set up nets I believe it really depends on you and then we're gonna go and copy it whoops and go down to the next line cuz we're not done yet we're going to include one more thing which is going to be the thing that actually allows for HTML to become part of this email here if you don't include this line that I'm about to include here then HTML is not going to work inside the email you send them so links and layout and that sort of thing will not work we could also style this if we wanted to but I just didn't do that in this episode here so we're gonna set a content type content - type colon it's going to be text forward slash HTML and then again want to say back slash if I can actually do that correctly on my keyboard here backslash there we go r backslash n save it so now that we have this we just need to send it to the actual user so going down a couple lines we're going to say we have a mail function which is the one I was talking about needs to have a mail server running to actually do this which is why at the end here we're going to upload this to my online version of my website so we can actually test it out then I'm going to include the different information we have up here so the first one is going to be who do you want to send this email to in this case it's going to be our user then we want to include the
subject for this email that the user is going to see when he receives the email then we're going to include the message and then we're going to include the headers there we go so now that we have this we can essentially just send the user back to what do you call it whatever page they just came from in this case the signup page with a success message so to create a header function I'm just gonna go and set this one to location colon then I'm gonna go and go back a directory because as I said I'm inside my includes folder so I'm gonna say dot dot forward slash then I'm gonna send them to my reset password not the signup page the reset password page because that's where I came from reset pass words dot PHP and then I'm going to send them a success message with it so I'm just gonna say question mark reset equal to success and there we go that's all we need to do in this specific page here so going back to our reset password page we do need to have this success message visible when they return to the page again I showed you how to do that in the login system episodes I'm just going to copy paste and really explain briefly what it does here so in here after the form which is where I want to display my error message or success message I'm just gonna go and include some PHP code what I want to include here is just simply an isset statement that checks the URL for a reset GET parameter and then if that exists and it's equal to success then I want to include a paragraph with a success message that says check your email account or something could say account doesn't really matter it's up to you so now we have this we basically have the first part of this system here the next part is when the user received this email and sends themselves back to our website they need to land on some kind of page where they can actually reset the password now when we go back inside our document here that we just created the long one you can see that inside our URL we send them back to a page called
create new password with us which I said we're going to create later on which is now now it's later so to copy the name for this page going to create a new file save it inside our let's say it's inside our regular root folder not inside the includes folder because this page we can actually see inside the website called create new password dot PHP now inside this file we're just gonna go and copy paste what we have from inside the reset password file because we need to have the same header we need to have the same footer and that sort of thing I can actually find the documents here there we go and now that we have this in here I'm just going to delete some of the things we have inside my main containers here I'm also gonna go to delete the h1 tag here cuz I don't think it fits in to what we're doing here so now that we have this we can actually go and just include the form that allows for them to reset their password inside our website now before we do that we do need to check for these tokens that's pretty important because we need to check if the tokens are inside the URL and once they do actually reset that password we again need to protect the tokens with what we have inside the database inside a separate script file so right now we just need to check for the tokens inside the URL the way we're going to do that is first of all we're just going to grab the tokens so inside of here I'm just gonna open up my PHP tags there we go and inside of here I am going to I notice I say that a lot inside of here there's certain catchphrases I keep using inside my episodes what I'm going to do is I'm going to create a selector variable and set it equal to dollar sign underscore GET brackets semicolon and then I want to grab the one called selector inside the URL because we have selector equal to something inside the URL and again I can prove that because if we were to go back to reset request you can see it says selector equal to the selector we chose and validator equal to
whatever we chose so the next one is going to be validator we're going to check for so I'm just going to copy/paste what we have here and check for a validator and again we're also gonna change this down here so we're gonna call this one validator or we're not going to call it token anymore just gonna call it validator because it's a token used to validate the user inside the website so now we have this we can actually go ahead and do the checks that we need to run to check if these tokens actually exist inside the URL again this is just an extra safety precaution because you want to make sure that nobody tried to mess with the tokens inside the URL that's why we're doing this here so I'm going to run the if statement and I'm going to go ahead and check if these were empty because you first of all need to check if we do actually have these tokens inside the URL so we're going to check for a selector or if the validator is empty and we're just going to go and change the name here there we go let's actually make sure that's a variable after doing this I'm going to check for errors first so I'm going to echo something like we could not validate your request if they did not have these tokens inside the URL so I'm just gonna copy paste what I have in my notes could not validate your request and then afterwards we're going to create an else statement inside the else statement we need to check if these are in fact legit tokens and we can do that by running an if statement and then inside the condition of the if statement we're going to run a new PHP function which is basically going to check if these hexadecimal tokens we have inside the URL are in fact hexadecimal tokens so that's the correct type of token that we want to see inside the URL so the way we're going to do that is by using a function called C I have to look at this because I don't usually use these functions that often so I need to see how that's spelled ctype underscore xdigit parentheses and then we're going to check the
selector to make sure this is in fact a proper hexadecimal format now when we run this function here it's going to give us a true or false statement meaning that we need to check inside the if statement if it's not equal to false in order to check if this is valid or not so we also need to say exclamation mark equal equal to false or equals check if it's equal to true into pathways it's just a habit of programmers to do it this way here and we also need to check the validator token to see if that one is also a valid type so we're going to just copy-paste what we have here should probably have copied the whole thing so I'm just gonna do that copy paste and check for the validator instead there we go so if this is in fact true and these are in fact valid hexadecimal formats then we want to show the form that the user can use in order to reset the password so inside of here I said it again inside of here we're going to close off the PHP tags just to make this easier for us so we're going to close the PHP tag there you go and we're going to open it up again down here again this is just a small trick if you want to make this easier for you when you want to write HTML forms I've had people ask me about this too why don't you just close the PHP create the HTML and then open up the PHP again we can do that we could also just echo out the form again that might not be that friendly for your text editor so we're going to do it in the way that you guys prefer to do it which is closing the PHP opening it back up afterwards so in here we're going to create a form and we're going to just go and delete the class here because I don't want to style it yet and we're gonna go ahead and set an action and the action is going to point to the script that is going to actually check the token inside the database to make sure that this is the correct user who's trying to reset the password and then if they are then we want to update the password inside the database so that's the file we want to refer
to here now I'm going to refer to my includes folder because this is not an actual page inside the website so this is a script file and I want to call this one reset - password dot Inc dot PHP the method is going to be post as well because it's the most secure one and inside of here we're going to include quite a bit of information some of it is going to be hidden by the way so we're going to go and say we have an input that is going to be a hidden type of input meaning that we can't see it inside the active browser but it is still there inside the code or inside the HTML markup and we want to go ahead and set a name attribute to a selector because we're going to send a selector to this file here now this input is also going to have a value which is just going to be set equal to the selector grabbed from the URL so I'm going to go ahead and open up my PHP tags and close them again and inside of here I'm going to echo what we have up there so we're going to echo out selector then I'm going to copy paste this entire thing and I'm gonna go ahead and paste it below and I'm just gonna go and change the next one to validator and then again change the validator inside the echo here like so then we're going to include another input which is not going to be hidden this time it's going to be a password type because now the user is actually going to recreate their password and send it to the script that we have inside the next file we're going to get started on in just a second so we're going to say this is a password inside the name and we're going to go ahead and set a placeholder instead of a value because we want to tell the user what to write here in this example I want them to write or enter a new password dot and then I just want to copy/paste it and the reason I want to have two inputs for the password is because I want them to repeat the password in order to check if these two passwords were the same in the next script file because if they wrote something wrong and
they only have one attempt then again they have to reset the password another time because they made a typo inside what they wrote here so just going to be password - repeats for a name and the placeholder's going to be something different so repeat new password repeat new password then we're going to include a button and the button is going to be a submit type and now we need to change the name to something just along the lines of the last form we submitted so something like reset - password - submit so we know it's a submit name then we're going to write reset password inside the button so they know what to click and that is basically it for this section here so now that we have this we just need to create the last script file and then we're basically done so going inside our editor we're going to create a new file and we're going to call this one reset password inc PHP so going to save it inside our includes folder save it as reset - password dot Inc dot PHP inside this file we're gonna open up our PHP tags you're just gonna have to live with me saying inside here inside that because that's what I keep saying and I can't stop it inside of here going to create an if statement and I'm going to first of all do the exact same thing as before and I'm going to check if the user got to this page in a valid way meaning that they actually clicked the button they needed to click in order to get to this page here so we're going to check for an isset function that checks if we do have a specific post method available to us which is going to be the one that we have inside the button name so I'm going to say we have a dollar sign underscore post brackets and inside of here we're going to check for a or is it called reset password submit and then we're going to run an else statement that's just going to be copy pasted from the previous one we did here so we had the bottom else we're gonna send them back to the front page because it's much easier just to copy paste what we created already
once before so now that we have this which I think is also a thing I say quite often we can actually go ahead and create you know the actual thing that will update the password inside the database after we check if this is the correct user so we're going to first of all grab all the data from inside the form that the user just submitted so going to say we have a variable called selector it's going to be set equal to a post method a post already called dollar sign underscore post and we're going to check for a selector just gonna copy paste this because we're gonna need quite a few of them gonna need three more the next one is going to be a validator and I'm just gonna paste the name inside of here and then the next one is going to be the password PWD inside the post method and password inside the variable and then we can say password repeat here then we're just gonna say PWD - repeat I think we called it inside the name attribute so now that we have this we can go ahead and check for a couple of different error handlers because we need to make sure we do actually check for a few things before we continue our password reset process here the first thing you want to check for is if the user did not include a password inside these password fields so we're going to check if they're empty so we're going to create an if statement I'm gonna check if they're empty again we could just copy paste this from the previous section so let's go back to the previous section and I do believe we checked for empty somewhere didn't we ah here we go inside the create new password which was the previous document we just edited stuff inside of we have a section where we check for empty data so we're just gonna go to copy/paste that because it makes it easier and then I'm just gonna go ahead and replace password with selector and password repeat with validator there we go so now that we have this we can go ahead and say well if these were empty then we want to send them back to a certain page
with an error message so in this case you want to send them back using a header just gonna copy paste from my notes because this is not very long I'm gonna send them back using a header to the sign up page that says new password empty or we could send them back to the page they just came from where they tried to reset their password let's send them back to that page so create - new - password dot PHP with this we can go ahead and continue here so we're just gonna say we have an else if statement because you want to check for something else then we're going to check if the passwords do not match each other inside of here so if password is not equal to password repeat then we also want to send them back with a different error message so we're just gonna copy paste and this one we're not gonna check if they were empty or tell them it was empty we're gonna say password not same or something just include whatever you want inside the error handler here after this we can actually get started on actually checking for the tokens so what we want to do now is want to get the current date because then we can match it with the date we inserted inside the database to check if the token has been expired or not so going to create a current date variable gonna set it equal to a date object inside PHP and I'm going to check for the same format as before which is a capital U which is going to give us a standard date time then we're going to include the database connection because we are about to check the database for the state here so we need to require or include doesn't matter what you choose the DBH dot Inc dot PHP file then we're just gonna close off this specific section here so the next thing I want to do is want to select the actual token from inside the database so I'm going to run a SQL statement inside the database selecting the token from inside our new table and we're going to do that using the selector token not the validator the selector token we're going to use in order to
actually run a select statement inside the database cuz I said to separate these two functions and the validator token is going to validate the proper user two separate things that we're going to keep separate just for safety so what I'm going to do underneath where we did actually require the database is I'm gonna go ahead and include a select or SQL statement not a select statement well it's also going to be a select statement so I'm going to set the SQL variable equal to double quotes semicolon and then I'm gonna run a select statement select all from PWD reset which is the table that we have the token inside of where PWD reset selector is equal to question mark because we need to have placeholders and PWD reset expires is greater than or equal to current date which is a variable we have up there now I connect to see my notes yeah I did just paste in current date which is the one we have up here I just want to mention this because this might be something you guys asked about when we run a prepared statement inside let's say a select statement like the one we have down here the places you want to add placeholders is for data that was sent by the user so because I created this variable myself not the user but me inside the script here we don't technically need to run it as a placeholder but just to keep everything simple let's go and ignore my notes for now and just keep using placeholders because that might confuse you less and so inside of here after doing this we just simply need to run this statement here and we can if you want to just go back to our previous what do you call it scripts and just copy paste because afterwards we need to create a statement we need to run an if-else statement as well and I can just go ahead and copy paste it in here so below here we create a new statement we simply check can we run this statement with this SQL string up here if not then we get an error and we close off the script else we want to go and do something here now we're
going to change it slightly because we don't want to check for the user email which we just copy pasted but we want to check for the selector that we got sent from the previous form so now we're checking the database picking the what we call the correct token using the selector and then we execute it meaning that we execute this select statement up here then what I want to do is I want to actually grab the result so we're going to create a variable called result set it equal to mysqli_stmt_get_result parentheses and then we want to make sure we include this statement inside of here because it's from that statement we want to get the results from and what we want to do now is we want to go ahead and fetch every single row that we have inside the result here which should only be one row because like I said we should always only have one token inside the database per user so here we want to run an if statement going to say well if we cannot fetch any rows by saying exclamation mark dollar sign row equal to mysqli_fetch_assoc meaning that we're going to grab the data from the database and insert it inside an associative array which means that we can simply refer to the data by the column names inside our array here so we need to make sure we include the result inside the function here so now if we cannot get any rows it's going to give us an error because there were no rows to grab from inside the database but if not then we want to continue the script so in this case if we could not grab any sort of rows I just want to throw an error message that I just copy pasted from my notes that simply says something like you need to resubmit your reset request and then exit out the script here afterwards here we want to make sure we run an else statement because if we could get rows then we need to make sure to do something with that data so now that we have the data from inside the database we now need to match the token that
we have inside the database with the token we sent from the form and we need to make sure that both of these tokens are in binary data the one from inside our form is not binary it's in hexadecimal format so we need to convert that back to binary so inside the else statement here the first thing we're going to do is well first of all gonna go ahead and convert our validator token into a binary so we're going to save a variable called token bin for binary I'm gonna set it equal to a function called hex2bin and then I'm going to include our validator token inside of here so I'm just gonna copy paste it from up here and paste it in so now we can actually match this one with the token from inside the database and that's what I'm going to do next here so going to create a new variable I'm gonna call this one token check which should give us a true or false statement afterwards which is a boolean so I'm going to set this equal to a function called password_verify and then I'm going to check for first of all the token bin that we have here and I want to check for the dollar sign row brackets which means that we're going to grab one of the pieces of data we got from the database and I'm just going to refer to the column name here which is going to be password reset token so PWD reset token so now that we have this we should get a true or false statement and we can go ahead and check for these inside an if statement so I'm going to check if our token check is equal to true or false because you should probably check for errors first if it's equal to false then we want to do something you want to just go ahead and echo out an error message so we're going to say you need to resubmit your reset request bla bla bla just like we did before and then we want to run an else if statement now a lot of people ask me why do I run an else if statement here because I could also just run an else statement but because we're checking if token check is equal to false the
other one has to be true right so if it's equal to true then it needs to run the else statement but what if the data is equal to let's say I don't know Daniel my name because some kind of error happens inside the code it should not be possible but if it does happen then it will run the else statement even though it is not equal to true so we need to make sure we do an else if statement here just to make sure that we only check if token check is equal to true at least that's my logic behind here so we're going to check for a true statement and then we want to actually start updating the password and that sort of thing inside the database because right now everything is like it's supposed to be we used the token to check that the user is the correct user and now we need to do the changes he wants us to do so afterwards here inside the else if statement I am going to go ahead and first of all grab the email of the user because we need to pinpoint which user inside the database we want to change the password of because we do also have a user table inside the database with the current password that he can't remember so that's the table that we'll need to make changes to now so I'm going to say we have a token email set it equal to dollar sign row brackets and then I want to set it equal or set the name for this specific column to password reset email which is the name of the column we have inside the database of the table called reset password I think we called it that right no we called it password reset that's what we called it so password reset email because we want to pinpoint the same user inside the user table that tried to reset using this token here so we're going to use the token specifically for this purpose here so after doing this we just need to run an SQL statement and we want to actually select the user from inside the database so I want to select all from user table or users table in my case here where the email users is equal to a placeholder then what we
can do afterwards here is we can just simply go ahead and run the prepared statement because we use the placeholders so we're just gonna copy paste what we have up here again there's no need to do double work if we just have the same code somewhere else I'm just gonna copy paste there we go make sure I close off the curly bracket here as well because we don't want to receive error messages anytime you get an unexpected something error inside the browser it's because you made a typo you need to check for any sort of errors you made by not including a semicolon or a bracket or something because that's the most frequent question I get from people on my login system tutorial which is when they get unexpected something as an error message it's because you made a typo somewhere so you need to make sure you double check it to make sure it's correct okay so after we check if we could in fact run this SQL statement inside the database using the statement we wrote here we're going to go and grab the user from inside the users table so inside the else statement down here the first thing we need to do is we need to make sure we bind the parameters so we can actually replace these placeholders inside the SQL statement so we're going to run the mysqli_stmt_bind_param parentheses semicolon and then we just need to fill in the information here so we need to grab the statement we need to tell it how many placeholders do we have we have one that needs to be inside a string and then afterwards we need to tell what we need what we want to replace the placeholder with which in this case is the token email like so afterwards we need to actually run the statement so mysqli_stmt_execute then we want to make sure we execute the statement in here and now that we did this we can just go ahead and grab the result again just like we did up here so that's just going to scroll up here run a result variable but basically
just going to copy a lot of this so we're going to copy down to the else statement here then I'm going to go down paste it in make sure we close off the else statement properly like so now we should probably change the error message to something else because it should probably not say this let's just say something like there was an error exclamation mark now what we need to do now is we just simply need to update the users information inside the user table so inside the else statements I'm going to run another SQL statement and this SQL statement is going to update the password from inside the users table so what I'm going to do is I'm going to run a SQL statement set equal to an update statement I believe update users set PWD users equal to a placeholder where email users is equal to question mark now again this is how my columns look like inside my users table yours might look different if you didn't follow my tutorial on how to make a login system but I'm simply just going in here saying that I want to update the users password where the users email matches the email from inside what we just had up here so we had the user's email and we just need to fetch the correct user from in here and update it below here I am going to go ahead and do the exact same thing I'm going to run a statement just like we did above here and fill in the parameters so we're just going to go and copy paste again let's go ahead and say want to create a statement you probably don't need to create a statement every time but I just do to make sure and then we're just going to go ahead and paste it down to here what we do actually execute two statements there we go make sure you close off the else statement that's important because we do have an else statement here I didn't copy the closing bracket up and then what I'm going to do is I'm just going to fill in the information inside the parameters here so right now we have two parameters so we want to include another s and the first one is going to be
the password that needs to get updated inside the database so to do this we do need to hash the new password because the user submitted a password up here that he repeated a couple of times and we need to make sure we hash that new password before we insert it inside the database otherwise people can just do like I mentioned in the first way you could create a password reset system they would just send the new password to you we don't want that to be a thing so we're going to go ahead and make sure we hash it here so I'm going to say we have a variable called new PWD hash go and set equal to a function called password_hash parentheses semicolon and then I want to first of all include the password which is going to be what I just copied which is the password the user sent us and then I want to use a PASSWORD_DEFAULT method default that's spelled incorrectly make sure you spell that correctly default so now we did this we can actually go ahead and include this information inside the statement down here so the new password just created which was hashed is going to be the first parameter which is up here where we actually update something inside the database and then we need to tell it which user we want to update it with in this case here we have the token email that we created up here so I'm going to use that one and that's basically all we need to do here so now we just updated the password inside the database where the user wanted to update their password so now the system is actually working but like I said we need to do one last thing which is to make sure we delete the token that we created when the users wanted to do this so like I said we don't want to always have a lot of tokens inside the database for the same users so in the next part here we're going to just simply run a basic delete statement I'm just gonna go and copy paste it again because basically we're doing the same thing as we've done so many times before I'm
just going to go ahead and type it out and explain what exactly is going on here it's good why does that slide so weird okay so just copy paste to this section here and I'm going to explain it very briefly since it's very basic we did it a lot of times before I just simply ran a new SQL statement which was a delete statement that was going to delete from password reset where the password reset email is equal to a placeholder then I just went ahead and checked if we could actually run this statement inside the database if we can I just went ahead and said that we wanted to delete any sort of tokens that belong to a user with the same email as the email we referred to up here so the user's email and then I just simply executed it so now that we did this we can actually send a user back to whatever signup page so whatever page they came from where they tried to update their password and give them a success message basically it's working now so let's go ahead and check if there was anything else we actually need to do here now in my example here I decided to send them back to the signup page and I do want to include a success message for the user when they get there so when we get back to the signup page it's going to give us this information inside the URL and that's what we need to check for inside the signup page here so right above where we included the link that we started out with the very first thing we started doing this episode we're going to include a success message if they did actually manage to do this so I'm going to just go ahead and copy paste it here because it's something again we've done plenty of times before so I'm not going to explain it we're just simply checking if there is a GET parameter inside the URL we can grab called new password or new PWD that's the one we just referred to inside the last file and I'm going to check if new PWD is equal to password updated if it is then we're just going to give a success message that's all we're
doing here if you take this that we just created and upload it to your online server let me just go and do that really quickly again I'm just sitting here transferring all my files to the online version make sure you change the database file when you actually upload it to your website because once you upload to an online server you're not going to have this information in here to your server or to your database so make sure you change that accordingly when you go to your hosting company and check what the information is so I just uploaded to my online version inside the browser so what I'm going to do is I'm going to go to a new link instead of aiming to the net force last forgotten password I'm going to go to enters the net force last forgotten password version 2 v2 and as you can see we have the same website but the version we just created together so I'm going to go ahead and go inside my signup page and I'm going to say well this is I forgot my password again I didn't style anything so it's not going to look pretty I'm gonna click it and then I'm going to type in my email address which is going to be Denny at immature studnets then I'm going to receive a new password and we get an error message let's go ahead and check out what we just did wrong here oh yeah I did forget to include something here inside our reset-request.inc.php file you need to make sure you include the connection inside mysqli_close so this one was not actually necessary to include which is funny why this one should give us the error message so after doing this let's go and double check it again I did actually receive an email just want to let you guys know but I'm just going to delete it because we're starting over because it didn't work so going back inside our signup page I'm going to go ahead and click forgot your password I'm going to type in my email I'm gonna send it and then it's going to tell us that we need to check our email so now we get a success
message here going to go inside my mailbox I'm going to check in oh we got a link gonna go and copy it gonna paste it inside the browser somewhere and then I can actually reset my password here so I can go ahead and say I want to enter a new password which in this case is going to be I don't know let's write something like and Daniel reset password and your password has been reset and we're still logged in cuz it didn't log out from the previous session now go ahead and ignore that I was logged in because that was from the beginning of this episode when I logged in to show you that I did actually change the password so now that I logged out I'm going to log back in using the new data I just typed in for my password doesn't doesn't matter just ignore that that I was logged in so what I'm going to do now is I'm going to go ahead and log in I'm going to say we have test tests I believe was called and password was Daniel going to login and as you can see it says you are logged in because we did actually update our database here so this is how you create a forgotten password system using tokens if you guys are interested in learning how to create a forgotten password system not using tokens maybe because this might be complicated for you guys let me know in the comments section below because if a lot of people do want me to create a different version of this specific system I will do it maybe not immediately but at some point it sort of stressed me out that I was promising this specific episode after my voice was sick after my my flu so I couldn't record this long episode and that's why it hasn't been so many videos for the past few weeks because when I get the flu I get the flu for a week then I lose my voice for another week afterwards so I'm still not entirely ready yet with my voice as you can hear my voice is probably start to fall together but this is how you create a forgotten password system so go ahead and download the lesson files in the description inside my
Patreon if you support me you can get it in there if you get some kind of error that you need my files to help you with like I said download them inside the description of this video from Patreon if you are supporting me on Patreon so that's a place we can get the lesson files for this episode and that's basically it so I hope you enjoyed this episode and I'll see you in the next one
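The reset handler walked through in this episode, condensed into one function as an added example (not the video's own file). The camelCase table and column spellings, the function name `resetPassword`, the return strings, the hex check before `hex2bin` and the transaction around the update and delete are assumptions or additions; the episode's extra SELECT on the users table is left out.

```php
<?php
// Added example. Names such as pwdReset, pwdResetSelector and pwdUsers are
// assumed spellings of the names spoken in the episode.
function resetPassword(mysqli $conn, string $selector, string $validator,
                       string $password, string $passwordRepeat): string
{
    if ($password === '' || $passwordRepeat === '') {
        return 'newpwd=empty';
    }
    if ($password !== $passwordRepeat) {
        return 'newpwd=pwdnotsame';
    }
    // hex2bin() emits a warning and returns false on non-hex or odd-length
    // input, so malformed tokens are rejected before conversion (addition).
    if (!ctype_xdigit($selector) || !ctype_xdigit($validator)
        || strlen($validator) % 2 !== 0) {
        return 'error=resubmit';
    }

    $currentDate = date('U'); // Unix timestamp, compared with the stored expiry

    // Look the row up by selector only; the validator is never used in SQL.
    $sql = 'SELECT * FROM pwdReset WHERE pwdResetSelector = ? AND pwdResetExpires >= ?';
    $stmt = mysqli_stmt_init($conn);
    if (!mysqli_stmt_prepare($stmt, $sql)) {
        return 'error=sql';
    }
    mysqli_stmt_bind_param($stmt, 'ss', $selector, $currentDate);
    mysqli_stmt_execute($stmt);
    $row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
    if (!$row) {
        return 'error=resubmit'; // unknown selector or expired token
    }

    // The column holds a password_hash() of the binary validator, so a
    // database leak alone does not yield a usable reset link.
    $tokenBin = hex2bin($validator);
    if (password_verify($tokenBin, $row['pwdResetToken']) !== true) {
        return 'error=resubmit';
    }

    $tokenEmail = $row['pwdResetEmail'];
    $newPwdHash = password_hash($password, PASSWORD_DEFAULT);

    // Change the password and remove every token for this email together,
    // so a used token cannot survive a half-finished request (addition).
    mysqli_begin_transaction($conn);
    $upd = mysqli_prepare($conn, 'UPDATE users SET pwdUsers = ? WHERE emailUsers = ?');
    $del = mysqli_prepare($conn, 'DELETE FROM pwdReset WHERE pwdResetEmail = ?');
    if (!$upd || !$del) {
        mysqli_rollback($conn);
        return 'error=sql';
    }
    mysqli_stmt_bind_param($upd, 'ss', $newPwdHash, $tokenEmail);
    mysqli_stmt_bind_param($del, 's', $tokenEmail);
    if (!mysqli_stmt_execute($upd) || !mysqli_stmt_execute($del)) {
        mysqli_rollback($conn);
        return 'error=sql';
    }
    mysqli_commit($conn);
    return 'newpwd=passwordupdated';
}

// Usage in the form handler (field names are assumed):
// $q = resetPassword($conn, $_POST['selector'], $_POST['validator'],
//                    $_POST['pwd'], $_POST['pwd-repeat']);
// header('Location: ../signup.php?' . $q); exit();
```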
Info
Channel: Dani Krossing
Views: 146,575
Rating: 4.9604506 out of 5
Keywords: how to create a forgotten password system in php, how to create a forgotten password system using php, forgotten password system in php, forgotten password system using php, password recovery system in php, how to create a password recovery system in php, php password recovery, php forgotten password, php create new password, php, password, php tutorial, php login system tutorial, php token, php how to create a token, php forgot password email verification, php forgot password
Id: wUkKCMEYj9M
Length: 88min 35sec (5315 seconds)
Published: Wed Nov 28 2018