forget password page, creating a generated password to email to the user.

Question

I am trying to create a forgot password page. I have heard that it is not a good idea to send the original password to the user via email so I am trying to create a random c

Answer 1

A few problems to note:

1. Right after you create your $password variable with createRandomPassword() you overwrite it with the value in $_POST['password'].

2. You need to put quotation marks around your assignment of $tbl_name, ie:

   $tbl_name = "Account_Holders";

   That's probably why you're not finding the user's email in the db.

3. If you're going to email a new password to the user then you will want to update that in the database so that when they go to log in with the new password it will match what's in the db. In order to do that you need to use an update statement:

   UPDATE Account_Holders SET Password = '$password' WHERE Email = '$email';

Note: It's generally not a good idea to store passwords in a database unencrypted. What's typically done is the password is first encrypted and then stored in the db that way. When you go to validate the user's login credentials, encrypt the password they send with the same encryption algorithm and compare against what's in the database.