Password recovery

Organize PHP password recovery.

In the database, the password is stored as a double md5 hash.

Necessary: ​​send the person an email with an activation link.
I don’t knowhow to generate an activation address and after sending the email, check if the link is activated.


Answer 1, authority 100%

Passwords are either reset instead of being restored, or stored in a table that does not take part in other site activities, preferably in another database. The first is safer.

Generating a link is trite. New field in the table, hash. If not empty, the user is blocked. Those. click on the “restore” button – write in the field some random (aa123addss231), send a letter with it (?hash=aa123addss231).

if (!empty($_GET['hash']) && !empty($_POST['new_passwd'])) {
  //    ,   -        md5(md5($_POST['new_passwd']))
  }

Answer 2, authority 50%

Here’s a basically simple algorithm to understand–>

$abc= array(" , "); 
        for($i=0; $i<50; $i++){
            $code[$i]=$abc[mt_rand(0, )];
            $code_submit.= $string.$code[$i];       
        }
    $_POST['code']=$code_submit;
//    INSERT     ,   !

Now we have a letter with the address www.*/conferm/$code_submit , if the user visits the URL, we parse our URL and check if such a code is in the database!