Core Boxx – Forgotten Password Module

 

 

SECTION A

DOWNLOAD & LICENSE

Download Core Boxx Forgot Password ModuleSource Forge

Core Boxx is released under the MIT License. You are free to use it for your own personal and commercial projects, modify it as you see fit. On the condition that there the software is provided “as-is”. There are no warranties provided and “no strings attached”. Code Boxx and the authors are not liable for any claims, damages, or liabilities.

 

SECTION B

INSTALLATION & REQUIREMENTS

Download and set up the “main Core Boxx” if you have not already done so. This module also requires the Users and Mail modules. To “install”, simply import the forgot.sql file, and delete it afterward.

 

 

SECTION C

WHAT IS THIS MODULE?

This is kind of an “extension” of the user module, an automated 2-steps password recovery process.

  • Step 1 – 1-forgot-req.php user access a “forgot password” page and enters the email. An email with the password reset link is sent to the user.
  • Step 2 – 2-forgot-reset.php validates the request and generates a new random password; Sends it to the user via email.

 

SECTION D

FORGOTTEN PASSWORD DATABASE TABLE

Function Description & Quick Example
user_id Primary and foreign key, the user ID.
reset_hash A randomly generated hash to validate the reset.
reset_time When the request is made. Use to calculate the validity time, and to prevent spam.

 

SECTION E

FORGOTTEN PASSWORD LIBRARY FUNCTIONS

Function Description & Quick Example
get() Get a password reset request.
request($email) Step 1 – Generate a random security hash, send the reset link to the user.

  • $email The user’s email.

NOTE: Complete your own email format.

reset($id, $hash) Step 2 – Validate the hash, generate a new random password, and email to the user.

  • $id The user ID.
  • $hash The security hash.

NOTE: Complete your own email format.

 

SECTION F

FORGOTTEN PASSWORD API

Accessible at http://yoursite.com/api/forgot/REQUEST/. These are pretty much a replica of the above library functions, except in REST API format. Feel free to delete api/forgot.php if you don’t intend to integrate an API.

Request Description & Quick Example
request Step 1 – Generate a random security hash, send the reset link to the user.

  • $_POST['email'] String, the user’s email.
reset Step 2 – Validate the hash, generate a new random password, and email to the user.

  • $_POST['id'] The user ID.
  • $_POST['hash'] The security hash.

Leave a Comment

Your email address will not be published. Required fields are marked *