Let Those Who Forget Back In!

What user authentication system would be complete without a way to regain access should our fragile minds forget our user credentials? The following code should be pretty self-explanatory after you have suffered through my other examples ;)

File: reset.php

<?php
require_once('common.inc.php');
if (AUTH){
    header('location:account.php');
    exit;
}

if (isset($_POST['submit'])){
    $resetComplete = false;
    $errors = array();
    $email = $_POST['email'];
    
    $email = escape_data($email);
    
    // check for blank fields
    if (strlen($email) == 0)
        $errors['email'] = 'Field cannot be left blank';
    
    // if no errors process
    if (count($errors) == 0){
        
        if (emailExists($email)){
            
            if ($data = loadByEmail($email)){
                $password = randPassword();
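                // md5() is a fast, unsalted hash; password_hash()/password_verify()
                // are the safer choice if the rest of the code is changed to match
                $md5Password = md5($password);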
                $data['password'] = $password;
                
                if (updatePassword($email, $md5Password)){
                    sendRegisterEmail($data);
                    $resetComplete = true;
                } else {
                    $errors[] = "Error updating password";
                }
            } else {
                $errors[] = "Error loading user data";
            }
            
        } else {
            $errors[] = "That email is not associated with any of our accounts";
        }
    }
    
} else {// form not submitted
    $resetComplete = false;
}
?>

Here again we include our common file, make sure the user isn't already logged in, and check the form values if the form was submitted. We then make sure the email address exists in our database, load the data for that email, and generate a new password, which is emailed to the user as well as hashed and stored in the user's database row.
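
The flow above emails a working password and confirms whether an address is registered. A common alternative, shown here as an added example that is not part of the original tutorial, emails a single-use, expiring token and stores only its hash; the PDO/SQLite storage, table layout, function names and 30-minute lifetime are assumptions made for the example.

```php
<?php
// Added example, not the tutorial's code. Tables, function names and TTL are assumptions.
const RESET_TTL = 1800; // seconds a reset link stays valid (assumed value)

function createResetToken(PDO $db, string $email, int $now): ?string
{
    $stmt = $db->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return null; // no account: send nothing, but show the same page as on success
    }
    $token = bin2hex(random_bytes(32)); // 256-bit secret from the CSPRNG
    $db->prepare('REPLACE INTO resets (user_id, token_hash, expires) VALUES (?, ?, ?)')
       ->execute([$userId, hash('sha256', $token), $now + RESET_TTL]);
    return $token; // goes only into the emailed link; the database keeps just the hash
}

function redeemResetToken(PDO $db, string $token, string $newPassword, int $now): bool
{
    $stmt = $db->prepare('SELECT user_id FROM resets WHERE token_hash = ? AND expires > ?');
    $stmt->execute([hash('sha256', $token), $now]);
    $userId = $stmt->fetchColumn();
    if ($userId === false) {
        return false; // unknown, expired or already used token
    }
    $db->prepare('UPDATE users SET password = ? WHERE id = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userId]);
    $db->prepare('DELETE FROM resets WHERE user_id = ?')->execute([$userId]); // single use
    return true;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT)');
$db->exec('CREATE TABLE resets (user_id INTEGER PRIMARY KEY, token_hash TEXT, expires INTEGER)');
$db->exec("INSERT INTO users (email, password) VALUES ('alice@example.com', 'placeholder')");

$now   = time();
$token = createResetToken($db, 'alice@example.com', $now);
// Same call for an address with no account.
var_dump(createResetToken($db, 'nobody@example.com', $now));
// Redeem once inside the validity window, then replay the same token.
var_dump(redeemResetToken($db, $token, 'correct horse battery', $now + 60));
var_dump(redeemResetToken($db, $token, 'another password', $now + 61));
```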

File: reset.php (cont.)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title>My Login Form</title>
    <style type="text/css">
        .error {
            color : #f00;
            font-weight : bold;
        }
    </style>
</head>
<body>

    <h3 style="text-align:center;color:red;">Reset Your Password</h3>
    <hr />
    <?php // display debugging errors
    if(!$resetComplete):
        if(!empty($errors)):
            echo '<div class="error">';
        
            foreach($errors as $error) {
                echo $error . '<br />';
            }
            echo '</div>';
    
        endif;
    ?>
    
    <form action="reset.php" method="post">
        <div class="form_row">
            <label for="email_address">Email Address:</label>
            <input type="text" name="email" value="<?php if(isset($email)){ echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8');} ?>" />
        </div>
        <div class="submit">
            <input type="submit" name="submit" value="Reset Password" />
        </div>
    </form>
    
    <?php else: ?>
        <h2>Your password has been reset and sent to you at <?php echo htmlspecialchars($email, ENT_QUOTES, 'UTF-8'); ?>.</h2>
        <div>
            <a href="login.php">Login!</a>
        </div>
    <?php endif;?>
    
</body>
</html>