PHP Password Reset by Email
Рет қаралды 38,891
Күн бұрынLearn how to create secure password reset by email using PHP, MySQL and best practices.
This is part 2 of Signup and Login with PHP and MySQL:
‣ • Signup and Login with ...
Please consider supporting my channel:
☕ ko-fi.com/davehollingworth
Code shown in the video:
‣ github.com/daveh/php-password...
Relevant documentation:
‣ github.com/PHPMailer/PHPMailer
Videos referenced:
‣ Signup and Login (part 1): • Signup and Login with ...
‣ Sending email with PHP: • Send email with PHP | ...
00:00 Introduction
00:24 How it works
02:09 Starting point
02:17 Forgot password
04:08 Database changes
05:03 Send password reset
08:47 PHPMailer
13:25 Send reset email
14:17 Process link in email
16:42 Password reset form
17:49 Reset password
20:40 Summary
#PHP #MySQL #signup #login #passwordreset
@dave-hollingworth 6 ай бұрын
This is part 2. Part 1 is here: Signup and Login with PHP and MySQL: ‣ kzbin.info/www/bejne/a32chpuFo9qiqZI and part 3 is here: PHP Account Activation by Email: ‣ kzbin.info/www/bejne/oXSTcnyfpZx1rdk
@WasifAnton 8 ай бұрын
Working on my final project and now I added this option to my project, thank you very much
@samnako 10 ай бұрын
Thank you Dave, I've had frustrations looking for a way out with doing secured password recovery/ reset
@batchrocketproject4720 10 ай бұрын
Thanks, really clear coverage of a fairly complex process. 👍
@momohezekieltrump6835 10 ай бұрын
Who else has waited for this?
@AbhishekBade1310 9 ай бұрын
your vid has really helped me a lot in making a good proj. and also thank you for keeping your code free to use
@slicetv4279 8 ай бұрын
Thank you very much. God bless you.
@hongpair 10 ай бұрын
Thank you so much sire always love Your coding and the simple syntax you use to teach special greetings ❤❤❤❤❤
@NedumEze 10 ай бұрын
Shear PHP Coding Wizardry. Deep appreciation, sir. Wishing that you would make a video on the things to do to make a website scalable.
@SargonsEye 5 ай бұрын
Nice explanation, understood instantly, thanks. Suscribed.
@mohammedelhossiny 9 ай бұрын
Perfect ❤❤❤❤❤❤
@pluto6347 3 ай бұрын
Thank you so much 💯🙏
@MohamadWyatt 3 ай бұрын
Very good php man
@tanaht23 10 ай бұрын
Thank you 😇
@ackinito 8 ай бұрын
Great content David, part 3 with 2FA with option to enable or disable it?
@slamanaim1837 10 ай бұрын
really you are good
@bisdakhydroponics2732 9 ай бұрын
Thanks sir
@faridajepkosgei7066 6 ай бұрын
thank you so much .
@dave-hollingworth 10 ай бұрын
What other related functionality would you like to see? Coming soon - account activation by email!
@sujalkhatiwada2267 10 ай бұрын
Maybe a real-life project with clean coding, using API?
@ahooton 10 ай бұрын
Hi Dave, great content! I recently decided to progress to learning Laravel and wondered if this was something you have any experience with, or were planning to cover in the future? Love your courses by the way! Cheers, Adam
@zmOe1 10 ай бұрын
please show how to do this exactly with the env file to store the sensitive data externally
@dave-hollingworth 10 ай бұрын
@@ahooton Thank you! I will do some Laravel tutorials at some point in the future, yes
@dave-hollingworth 10 ай бұрын
@@zmOe1 I just published this: kzbin.info/www/bejne/gmaoY3uJfdd3oNk
@sarabibrahim8312 10 ай бұрын
Can you add a video for creating admin roles Like adding super admin and admin please
@igu642 9 ай бұрын
❤❤
@sarabibrahim8312 10 ай бұрын
👏👏👏
@AbhishekBade1310 9 ай бұрын
could you please make a video on search algo like in a social media website where we can find people to connect with?
@fgtoon2959 8 ай бұрын
amazing , if u can help upload photo and can edit it .please
@frankkaundamukhuni Ай бұрын
Thanks for your knowledge and your code I used them in signups and they worked for me perfect. And when are you planning to record a tutorial on how to create avater image
@nirmalperera654 5 күн бұрын
bro plz tell me didi the domains worked correctly
@slamanaim1837 10 ай бұрын
please in reset-password. php i don't understand if we must put $token_hash in the place of ? in the query $sql="select * from user where reset_token_hash=?"; because i think ? will replace $_get['token'] and in the table user we store reset token hash and not the token help please just i want a clarification thx in advance
@martingronek4813 24 күн бұрын
really great content, thank you for that. It may be a stupid question but wouldn't it be easier to send the user to the sign-up page and skip the check if the email is already taken? (or just delete the user and let him sign up again)
@dave-hollingworth 24 күн бұрын
You could do, but the signup page is more complex than the password reset page, requiring more fields, more validation etc. so it's easier to let them reset their password by just supplying their email. As for deleting the user and letting them sign up again, yes you could do that, but that would require you to do that. Letting the user reset their own password requires no intervention on your part. (much better if you have many users!)
@ademineshat 10 ай бұрын
Great as always 👍 I know videos are made so that they can be easy to understand but, Maybe It would be better and more practical, instead of using files and require them like: $var = require.....;, we can just create functions in one file and use them everywhere we need. 😊
@dave-hollingworth 10 ай бұрын
Yes you're right. I try to avoid adding code that would distract from the lesson being taught in the video, so I keep it as simple as possible, but a different way to organise the code would be better as the codebase builds.
@dwaynekeane3758 5 ай бұрын
I love his tutorials but he did it in his first video and I was a bit confused. $mysqli = require __DIR__ . "/database.php"; What does this mean. This variable is for the database connection in the databse.php file.
@venomtv9066 7 ай бұрын
On the mail.php page, specify in the SMTP settings configuration, what is meant by email and password? Is it the one that belongs to the personal gmail, and what is the account added to the host? Please respond as soon as possible.
@dave-hollingworth 7 ай бұрын
The email and password are the ones you use to authenticate with the SMTP server. In the case of Gmail, this would be your full Gmail address and application password (you have to create a specific application password to use the Gmail SMTP server)
@pavelivanov-bd3sf Ай бұрын
Such situation I made the reset password structure by your video, the main problem that google account now vanished the opportunity to make less app secure in google/account/security, out there I made password app in 2 factor authentication and use it in my project, but, have been always when try to reset the password, have the same error *SMTP Error: Could not authenticate* , someone speaks it point on incorrect credentials, however, credentials fine 100%, someone speak the structure of the project now does not fit for google requirements and therefore we have always the error, someone know how to resolve it? as long as someone have faced with the same issue ?
@hamdikelil939 Ай бұрын
i was able to update the token but when I click the link sent to the email, it keep says token not found
@user-zi3id5dz3m 2 ай бұрын
sir, please help my reset-password.php page not working mail massage click with example domain show
@pkkumar3415 5 ай бұрын
Sir please tell how to send email using codeigniter 3
@user-hq7fy2um4y 3 ай бұрын
Thankyou for this tutorial I am learning in your videos but is there another way? PHP mailer doesnt work now if you use gmail cause google disabled the function less secure apps in gmail😕
@dave-hollingworth 2 ай бұрын
Search for "smtp server" (there are free and paid ones available)
@user-hq7fy2um4y 2 ай бұрын
@@dave-hollingworth Im truly grateful for your assistance!
@q.m.vandersnoek3899 2 ай бұрын
Dear Dave, thank you so much for this tutorial. It is great. Very clear explanation and nice voice. I do have a problem. When I run your script on my computer, locolhost, everything works fine.But when I FTP it to my site I get an error. When I klick the send-button, i get: the page could not be processed. HTTP ERROR 500. When I choose another file, (forgotmail.php, ipv send-password-reset.php) it loads the page (forgotmail.php. When I paste the code from send-password.php insode forgotmail.php, iit does not work anymore. Can you understand this? Kind regards and thank you in advance
@dave-hollingworth 2 ай бұрын
A 500 error means an error is occurring on the server - to see error details you need to add this to your code: ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL); This will tell you where the error is occurring
@q.m.vandersnoek3899 2 ай бұрын
@@dave-hollingworth It was a problem with the authorisation ... problem solved. Now it works like charm. Thanks again Dave!
@Riri-hh7ej 7 ай бұрын
how to set up composer?
@dave-hollingworth 7 ай бұрын
Follow the instructions for your operating system here: getcomposer.org/doc/00-intro.md
@CoderLoAnt 22 күн бұрын
why did you set reset_token_hash is unique?
@dave-hollingworth 21 күн бұрын
That field is used to uniquely identify a user. In the (albeit unlikely) event of two tokens being generated that are equal, the situation could arise that a user could reset the password of another user's account. So we set it to be unique in the database to avoid this situation.
@th3godfather64 Ай бұрын
Which IDE are you using?
@dave-hollingworth Ай бұрын
Visual Studio Code
@CoderLoAnt 22 күн бұрын
I can't update my password? do you why?
@projetistajunior6881 5 ай бұрын
Hello Dave. Everything works properly but the email, it doesn't create an hyperlink but instead write out the whole
@dave-hollingworth 5 ай бұрын
You need to set the email format to HTML: $mail->isHTML(true);
@projetistajunior6881 5 ай бұрын
@@dave-hollingworth Thanks brother it works fine now. 🤝
@Marsden 2 ай бұрын
Hello, I've tried everything to get this to work however I'm struggling. I keep getting "token not found' after running the process-reset-password.php. I can confirm that the token is there, on the email and is being displayed in the "hidden" form when visible but still I get this error. I thought it might have been an issue with the hash, and so I have completely removed the hash and the checks for the hash, but I'm in the same boat. Can anyone help?
@dave-hollingworth 2 ай бұрын
Try debugging by printing out the values of the token at various points, to see if it's getting lost somewhere. You can also compare your code to the code from the video in the repository.
@joshblank4579 6 ай бұрын
I am trying to reset the "reset_token_hash" and "reset_token_expires_at" to null after I successfully reset my password but the values are not turning null. I checked the database and the code and all were copied perfectly. Is there any idea on how to fix this?
@dave-hollingworth 6 ай бұрын
Could it be that the database columns don't accept null values?
@duhaylungsodsamroldan4202 6 ай бұрын
theres an error whenever i click the link on mail: Not Found The requested URL was not found on this server. Apache/2.4.48 (Win64) OpenSSL/1.1.1l PHP/7.3.30 Server at localhost Port 80
@dave-hollingworth 6 ай бұрын
Check the URL matches your hostname (e.g. localhost, example.com etc.) and the path to the file (/reset-password.php, or /subfolder/reset-password.php etc.) and the filename matches it
@jaybeedelacruz8279 4 ай бұрын
Why does mine display "Token not Found" even though the token is correct for the given URL?
@dave-hollingworth 4 ай бұрын
Hard to say without seeing the code - try debugging by printing out the values of the $_GET variable etc. at different stages using var_dump
@Marsden 2 ай бұрын
Mine is exactly the same, did you manage to fix this?
@rale3r 6 ай бұрын
Hello Dave. First, thanks for your lessons. They are great! For me, the reset-password.php file does not work on my domain, PHP version 7.4 Reports an error: Failed to load resource: the server responded with a status of 500 () An error occurs when executing this line: $stmt->bind_param('s', $token_hash);
@dave-hollingworth 6 ай бұрын
PHP 7.4 no longer receives security updates, I recommend updating it as soon as you can. A 500 error is an error on the server - see this video on how to see the actual error message: kzbin.infot6KpIfHPFGw?feature=share
@rale3r 6 ай бұрын
Thanks for your reply. It didn't help me. If I change the PhP version, then other things don't work for me. I am not familiar with PhP. The above error occurs when executing this line:> $result = $stmt->get_result();@@dave-hollingworth
@rale3r 6 ай бұрын
Can you suggest an alternative method ?
@charlemagnearispe3614 2 ай бұрын
I installed composer but it only downloads vendor/phpmailer without anything inside it
@dave-hollingworth 2 ай бұрын
Check your file explorer isn't hiding certain files, and you have enough disk space. Also see if there were any error messages when you ran the Composer command
@jodhaniarpit8949 2 ай бұрын
Hii how to download vendor/autoload.php please give me link
@dave-hollingworth 2 ай бұрын
This file is generated automatically when you install packages using Composer
@flavoredtears3898 Ай бұрын
@@dave-hollingworth im saving the same issue it didnt load in the vendor/autoload.php idk what to do here
@dave-hollingworth Ай бұрын
@@flavoredtears3898 When you run the "composer install" command, it will create the vendor folder in the same folder you run it from - check the output of that command to make sure there were no errors
@promango7745 9 ай бұрын
i got email has already taken on sign up but email doesnt taken
@dave-hollingworth 9 ай бұрын
Please have a look at some of the other comments where people have had a similar problem and posted a solution
@jamestrey3049 6 ай бұрын
13:39 it appears: Message could not be sent. Mailer error: SMTP Error: Could not connect to SMTP host. Failed to connect to serverSMTP server error: Failed to connect to server Additional SMTP info: php_network_getaddresses: getaddrinfo failed: Temporary failure in name resolutionMessage sent, please check your inbox. Can you guys please help me to fix this problem now? I extremely appreciate, thank you very much
@jamestrey3049 6 ай бұрын
Message could not be sent. Mailer error: SMTP Error: Could not authenticate.
@dave-hollingworth 6 ай бұрын
@@jamestrey3049This is an issue with the SMTP server hostname (e.g. smtp.example.com) or the authentication credentials (the username and password you use to connect to the server)
@jamestrey3049 6 ай бұрын
@@dave-hollingworth Yes, I already changed its statement. But eventually It appears SMTP Error: Could not authenticate. Please help me
@jamestrey3049 6 ай бұрын
Do you mean the password we use is the app password of Google?
@dave-hollingworth 6 ай бұрын
@@jamestrey3049 If it's saying you could not authenticate, this is usually a problem with the username and password. If you're using Gmail, this will be your email address and application-specific password.
@baldryanebale8106 18 күн бұрын
Message could not be sent. Mailer error: SMTP Error: Could not authenticate. What is the problem?
@dave-hollingworth 18 күн бұрын
Check the user and password you're using to authenticate with the SMTP server
@Doyleur 18 күн бұрын
Getting the same error, as far as I know my username and password for the SMTP server is correct as well as the settings for the SMTP server. Can I ask what server you're using? Or if you fixed it?
@baldryanebale8106 17 күн бұрын
@@Doyleur the same as on the video, but i didn't fix it :
@dave-hollingworth 17 күн бұрын
@@Doyleur I use mailgun. You can always try the SMTP settings in a regular email client (e.g. Thunderbird) to see if they work there
@bhaskar_veeraragavaneditz1891 9 ай бұрын
Where is Autoload.php
@dave-hollingworth 9 ай бұрын
In the vendor folder
@sakuralee9800 Ай бұрын
Hi sir, i tried and success to run it but after a month a open it got this error. can you help me please? Fatal error: Uncaught Error: Call to a member function setFrom() on int in C:\xampp\htdocs\fyp\send-password-reset.php:28 Stack trace: #0 {main} thrown forgot password
@dave-hollingworth Ай бұрын
What is on that line of code? (line 28)
@sakuralee9800 Ай бұрын
I saw my smtp account is disabled restricted access just now, is it the issue why I got error?😮
@sakuralee9800 Ай бұрын
Hmm I write the code for u just now but I don't know why it didn't show here...
@dave-hollingworth Ай бұрын
@@sakuralee9800 Try putting the code on something like pastebin and posting the URL here
@sakuralee9800 22 күн бұрын
@@dave-hollingworth I can fix it already, thank you sir 😁
@tv44-alternative23 Күн бұрын
I'm now getting this "Message could not be sent. Mailer error: SMTP Error: Could not authenticate.Message sent, please check your inbox." Is it a firewall issue with smtp server?
@rafaelrodrigues-gq3mo 5 ай бұрын
Hi @dave-hollingworth. In the last step of the "process_reset_password" I'm comming across a following problem: Fatal error: Uncaught Error: Call to a member function bind_param() on bool in C:\xampp\htdocs\TCC\TCC\process-reset-password.php:39 Stack trace: #0 {main} thrown in. Could you help me to solve it out!?
@dave-hollingworth 5 ай бұрын
This means $stmt contains false - check the SQL is valid
@rafaelrodrigues-gq3mo 5 ай бұрын
@@dave-hollingworth thanks Dave, I’ve found the error 👍
@slamanaim1837 10 ай бұрын
thx a lot all work well however the only problem for me is when i click on signup and i write name ,email,...and i click send always show me this message:email alreay taken although the email is not used so in this case i insert manually id,name,email..into the table user and i succeed to do all the other things. help please thx in advance
@dave-hollingworth 10 ай бұрын
Try adding this line: mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
@chainenaimslama1870 10 ай бұрын
@@dave-hollingworth you know i went to cafee and now i return to my laptop and i try again however in this all works well without adding anything thx very much best friend
@user-sp8wu3gm1j 4 ай бұрын
Fatal error: Maximum execution time of 120 seconds exceeded in C:\xampp\htdocs\projects\test\template\demo\vendor\phpmailer\phpmailer\src\SMTP.php on line 1269
@davidsondavid4988 3 ай бұрын
please I am getting an error, Message could not be sent. Mailer error: SMTP Error: Could not authenticate. Massage sent, please check your inbox
@dave-hollingworth 3 ай бұрын
Check the username and password you're using for your SMTP server
@davidsondavid4988 3 ай бұрын
thanks you are the best@@dave-hollingworth
@user-fl5gu8pw4f 4 ай бұрын
send-password.php code its not working its not updating reset_token_hash and the reset_token_expires_at any help ?
@dave-hollingworth 4 ай бұрын
Do you get any error messages? Try temporarily stopping the script before it redirects so you can see them
@user-fl5gu8pw4f 4 ай бұрын
Thanks for your reply , i really appreciate your Code the problem was at the DB Connection yours is a Prepared statement mine was a Normal connection , what do u think Prepared Statement is more secure or both are good , also there was an bug at your Register Process the client can use someone elses data to register for example you forgot to prevent duplicated inserts :)@@dave-hollingworth
@slamanaim1837 10 ай бұрын
please in reset-password. php i don't understand if we must put $token_hash in the place of ? in the query $sql="select * from user where reset_token_hash=?"; because i think ? will replace $_get['token'] and in the table user we store reset token hash and not the token help please just i want a clarification thx in advance
@chainenaimslama1870 10 ай бұрын
i think this : $stmt->bind_param("s", $token_hash); in the script reset-password.php will put $token_hash in place of ? so because i don't know this ligne of code do you confirm me? thx in advance
Dave Hollingworth
Рет қаралды 7 М.
exlittlebeans
Рет қаралды 31 МЛН
TGIF & Born to Shine Toastmasters (Taiwan)
Рет қаралды 12
Web Tech Knowledge
Рет қаралды 16 М.
Dani Krossing
Рет қаралды 209 М.
Funda Of Web IT
Рет қаралды 68 М.
Photographer Army
Рет қаралды 24 МЛН
LED Screen Factory-EagerLED
Рет қаралды 7 МЛН
YUKI
Рет қаралды 866 М.