Cameron

Reputation: 28843

CakePHP Forgot Password

Hi, I'm looking to create a simple Forgot Password system using CakePHP where a user will type in their username/email and then receive an email with a link they can click to create a new password.

I've Googled around but not found anything :/

Using CakePHP 1.3

Upvotes: 3

Views: 7936

Answers (3)

generalopinion

Reputation: 1437

  1. Display a view with a form so that the user can enter their e-mail address.
  2. Have the form post to a reset_password controller action.
  3. In the reset_password controller action look for `$this->data['User']['email']` and store the email address in a database table.
  4. This same database table should have a key or token field. This field should be CHAR(40). In the reset_password action do `$key = Security::hash(String::uuid(), 'sha1', true)` to create a key or hash and store it in the key or token field.
  5. To generate the URL do `$url = Router::url($this->here, true) . '/' . $key` inside the controller's reset_password action. This will generate a URL based on the current action and append to it the key parameter, which you can verify in this same function when the user clicks the email link.
  6. You'll also need to set up the Email component to actually send the e-mail, including the generated URL above in the message body.

This should be enough to get you going in the right direction.

Upvotes: 12

stevecomrie

Reputation: 2483

You can take a look at two pre-made solutions that might suit your requirements:

Spark Plug by Jedt - https://github.com/jedt/spark_plug

Users Plugin by CakeDC - https://github.com/CakeDC/users

Both have a "Forgot your Password" functionality. You could either include one of the plugins into your project, thus getting the full benefit of all the code, or you could simply poach their code for how to make it work within your own project.

Upvotes: 2

alex

Reputation: 490423

  • Ask user for their email.
  • Generate a random string of sufficient length, store it in your database and email it to them as a link alongside their email. Make it expire in 24 hours. Tell them to ignore the email if they didn't request a new password.
  • Match the email and string in the database. Present them with a form to enter a new password or email them a new password (different random string).

Upvotes: 3
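generalopinion's six steps and alex's bullets describe the same token flow, so here is one CakePHP 1.3 controller that puts them together, with the 24-hour expiry and single-use token alex mentions. This is an added example, not code from either answer; the `PasswordReset` model, the `password_resets` table, the action names and the sender address are assumptions.

```php
<?php
// Added example (not from either answer): CakePHP 1.3 controller wiring the steps together. Assumed
// schema: password_resets(id, user_id, token CHAR(40), expires DATETIME, used TINYINT); users.password hashed as AuthComponent does.
App::import('Core', array('Security', 'String'));

class UsersController extends AppController {
    var $uses       = array('User', 'PasswordReset');
    var $components = array('Email', 'Session');
    // Steps 1-6: take an e-mail, store a fresh token with a 24-hour expiry, mail the link.
    function reset_password() {
        if (!empty($this->data['User']['email'])) {
            $user = $this->User->find('first', array(
                'conditions' => array('User.email' => $this->data['User']['email'])));
            if ($user) {
                $key = Security::hash(String::uuid(), 'sha1', true); // 40 hex chars, fits CHAR(40)
                $this->PasswordReset->create();
                $this->PasswordReset->save(array('PasswordReset' => array(
                    'user_id' => $user['User']['id'], 'token' => $key, 'used' => 0,
                    'expires' => date('Y-m-d H:i:s', strtotime('+24 hours')))));
                $this->Email->to      = $user['User']['email'];
                $this->Email->from    = 'noreply@example.com';
                $this->Email->subject = 'Password reset request';
                $this->Email->send("Open this link within 24 hours to choose a new password:\n"
                    . Router::url(array('action' => 'new_password', $key), true)
                    . "\nIf you did not ask for this, ignore this message.");
            }
            // Same message whether or not the address exists, so the form does not
            // reveal which e-mails are registered.
            $this->Session->setFlash('If that address is registered, a reset link has been sent.');
            $this->redirect(array('action' => 'login'));
        }
    }
    // Link target: the token must exist, be unused and unexpired; it is burnt after one use.
    function new_password($key = null) {
        $reset = $this->PasswordReset->find('first', array('conditions' => array(
            'PasswordReset.token' => $key, 'PasswordReset.used' => 0,
            'PasswordReset.expires >' => date('Y-m-d H:i:s'))));
        if (!$reset) {
            $this->Session->setFlash('This reset link is invalid or has expired.');
            $this->redirect(array('action' => 'reset_password'));
        }
        if (!empty($this->data['User']['password'])) {
            $this->User->id = $reset['PasswordReset']['user_id'];
            $this->User->saveField('password', Security::hash($this->data['User']['password'], null, true));
            $this->PasswordReset->id = $reset['PasswordReset']['id'];
            $this->PasswordReset->saveField('used', 1); // one-time token
            $this->redirect(array('action' => 'login'));
        }
    }
}
```

The `reset_password` view only needs a form posting `User.email`, and the `new_password` view a form posting `User.password`; `redirect()` exits in 1.3, so the used or expired branch never reaches the save.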
