What are the typical steps involved in setting up a "forgot password" script in PHP?

When a user forgets their password, they need a way to reset it securely. One common method is a "forgot password" script in PHP that lets the user request a password reset link by email. The script generates an unguessable token, stores it in the database against the user's account (together with an expiry time), and emails a link that carries the token. A second script, the one the link points to, then verifies the token and accepts the new password. The token is the only thing standing between an attacker and the account, so it must come from a cryptographically secure source, be short-lived, and be usable only once.

<?php
// Step 1: Generate a unique, unguessable token (CSPRNG, 128 bits, 32 hex chars)
$token = bin2hex(random_bytes(16));

// Step 2: Store a hash of the token, not the token itself, so a leaked database
// cannot be turned into working reset links, and record when it expires.
// Assumes a users table with columns email, reset_token_hash and reset_token_expires.
$token_hash = hash('sha256', $token);
$expires    = (new DateTimeImmutable('+1 hour'))->format('Y-m-d H:i:s');
$stmt = $pdo->prepare(
    "UPDATE users SET reset_token_hash = :hash, reset_token_expires = :expires WHERE email = :email"
);
$stmt->execute(['hash' => $token_hash, 'expires' => $expires, 'email' => $email]);

// Step 3: Email a link carrying the raw token. Use HTTPS only, since the token
// is a bearer credential. Only send when the address matched an account, but
// show the same "check your inbox" page either way so the form cannot be used
// to enumerate registered email addresses.
if ($stmt->rowCount() === 1) {
    $reset_link = "https://example.com/reset_password.php?token=" . urlencode($token);
    $to      = $email;
    $subject = "Reset Your Password";
    $message = "Click the following link to reset your password: $reset_link\n"
             . "The link expires in one hour. If you did not request this, ignore this email.";
    $headers = "From: admin@example.com";
    mail($to, $subject, $message, $headers);
}
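The answer shows only the request side. Below is the other half, the reset_password.php page the emailed link points to, written here as an added example rather than code from the original answer. It assumes the same hypothetical users table with columns id, email, password_hash, reset_token_hash and reset_token_expires, and an existing PDO connection in $pdo with ERRMODE_EXCEPTION enabled. The points it demonstrates: looking the token up by its hash, rejecting expired tokens exactly like unknown ones, storing only a password hash, and clearing the token so the link works once.

```php
<?php
// reset_password.php -- verifies the emailed token and sets a new password.
// Assumed schema (hypothetical): users(id, email, password_hash,
//                                      reset_token_hash, reset_token_expires)
// $pdo is an existing PDO connection with ERRMODE_EXCEPTION enabled.

function find_user_by_reset_token(PDO $pdo, string $token): ?array
{
    // bin2hex(random_bytes(16)) always yields 32 lowercase hex characters;
    // anything else is rejected before the database is touched.
    if (!preg_match('/^[0-9a-f]{32}$/', $token)) {
        return null;
    }
    $hash = hash('sha256', $token);
    $stmt = $pdo->prepare(
        'SELECT id, reset_token_hash, reset_token_expires FROM users WHERE reset_token_hash = :hash'
    );
    $stmt->execute(['hash' => $hash]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return null;
    }
    // Redundant with the WHERE clause, but keeps the comparison constant-time
    // if the query is ever changed to look the row up by email instead.
    if (!hash_equals($user['reset_token_hash'], $hash)) {
        return null;
    }
    if (new DateTimeImmutable($user['reset_token_expires']) < new DateTimeImmutable()) {
        return null;   // expired: indistinguishable from an unknown token
    }
    return $user;
}

function complete_reset(PDO $pdo, int $user_id, string $new_password): void
{
    // Store only a password hash, and burn the token so the link is single-use.
    $stmt = $pdo->prepare(
        'UPDATE users SET password_hash = :hash, reset_token_hash = NULL, reset_token_expires = NULL WHERE id = :id'
    );
    $stmt->execute([
        'hash' => password_hash($new_password, PASSWORD_DEFAULT),
        'id'   => $user_id,
    ]);
}

$token = $_REQUEST['token'] ?? '';
$user  = find_user_by_reset_token($pdo, $token);

if ($user === null) {
    http_response_code(400);
    exit('This reset link is invalid or has expired. Please request a new one.');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $p1 = $_POST['password'] ?? '';
    $p2 = $_POST['password_confirm'] ?? '';
    if (strlen($p1) < 12 || $p1 !== $p2) {
        exit('Passwords must match and be at least 12 characters.');
    }
    complete_reset($pdo, (int) $user['id'], $p1);
    // Drop the current browser session. Sessions on other devices need a
    // server-side invalidation mechanism (e.g. a sessions table) that this
    // example does not include.
    session_start();
    session_regenerate_id(true);
    session_destroy();
    exit('Your password has been changed. You can now log in.');
}

// GET: show the form. The token is carried in a hidden field rather than in
// the form's action URL so it is not leaked via the Referer header.
?>
<form method="post" action="reset_password.php">
    <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <label>New password <input type="password" name="password" autocomplete="new-password"></label>
    <label>Confirm <input type="password" name="password_confirm" autocomplete="new-password"></label>
    <button type="submit">Set new password</button>
</form>
```

Two things worth checking in any implementation of this shape: that the error path for an expired token and for a made-up token are identical (same status code, same text, same timing), and that a successful reset really does NULL out the token columns, since a reusable link turns a one-off phishing success into standing access.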