Reset password function in php codeigniter

Question

I am trying to write reset password function in codeigniter php and mind mind not clicking where to start and what is the best way to do so pls help

my db as like this
CREATE TABLE `members` (
 `id` int(11) NOT NULL AUTO_INCREMENT,
 `username` varchar(255) NOT NULL,
 `email` varchar(255) NOT NULL,
 `password` varchar(255) NOT NULL,
 `verifystring` varchar(15) NOT NULL,
 `lostkey` varchar(100) NOT NULL,
 `active` enum('0','1') NOT NULL,
 PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1

and function goes like this

//forget password

 public function forget_password(){

    $this->form_validation->set_rules('email','Email Address','xss_clean|required|valid_email|callback_reset_password');
    if($this->form_validation->run() == FALSE){
    $this->load->view('account/forget_password');
    }else{

        //send an email
        $this->load->library('email');
        $this->email->set_newline("\r\n");

            $this->email->from('[email protected]', 'Raju');
            $this->email->to('[email protected]');
            $this->email->subject('Email my');
            $key = 12334455;
            $message = "Please click this url to change your password ". base_url()."reset_now/".$key ;
            $message .="<br/>Thank you very much";
            $this->email->message($message);

        if($this->email->send())
                {
                    echo 'Please check your email to reset password.';
                }

                else
                {
                    show_error($this->email->print_debugger());
                }
    }

}


//email check for forget password
function reset_password($email){
    $query = $this->db->get_where('members', array('email'=>$email));

    if(!$query->num_rows()>0){
        $this->form_validation->set_message('forget_email_check', 'The %s does not exists in our database');
        return FALSE;
    }else{

        //check database fields
        /*
        $this->db->where('email', $email);
        $this->db->limit(1);
        $Q = $this->db->get('members');
        if($Q->num_rows()>0){
            $data = $Q->result_array();

            echo $data[0]['username'].'<br/>';
            echo $data[0]['password'].'<br/>';
        }

    */

        echo '<br/>'. $email.'<br/>';
    }

    //$query->free_result();
    //return true;
}

Answer 1

It's simple. First ask the user to enter their username or id or email or whatever their login credential is. (Not the password of course). Now with that value, query the database and if the value exists, just retrieve the corresponding email address. (If the login credential is email, then just check for the presence of the email address in the database). Then,

1. Create a random string
2. Retrieve the user's email from the database and send this newly created string to the user's email ID.
3. Update the current password of the user in the database.
4. Now, set a flag which basically prompts the user to create a new password when the user logs in with the auto-generated password.
5. Once the user creates a new password, then Update the password in the database and also update the flag.

From now on, whenever the user logs in, your application won't prompt the user to reset the user's password.