Core Boxx – Forgotten Password Module

By / Project Documentation / September 12, 2021

This is an automated 2-steps password recovery process, an “add-on” to the user module.

 

TABLE OF CONTENTS

Download & Notes Quick Reference

 

 

DOWNLOAD & NOTES

First, here are the download links and a quick “setup guide” for the impatient folks who don’t have the patience to read through everything.

 

DOWNLOAD LINKS

Download Core Boxx Forgot Password Module | GitHubSource Forge

 

LICENSE

Core Boxx is released under the MIT License. You are free to use it for your own personal and commercial projects, modify it as you see fit. On the condition that there the software is provided “as-is”. There are no warranties provided and “no strings attached”. Code Boxx and the authors are not liable for any claims, damages, or liabilities.

 

 

INSTALLATION & REQUIREMENTS

  • Download and set up the “main Core Boxx” if you have not already done so.
  • This module also requires the Users and Mail modules.
  • To “install”, simply import lib/SQL-forgot.sql into your database.

 

MORE DEVELOPMENT NOTES

There are 2 “demo pages” to get you started:

  1. 1-forgot-req.php The “forgot password” page to enter the email. An email with the reset link will be sent via email.
  2. 2-forgot-reset.php. This is where the “default reset link” points to. Validates the request, generates a new random password and sends it via email.

Of course, feel free to change the file names, use the pretty URL system, or even drive this using AJAX. Also, remember to update request() and reset() in LIB-Forgot.php, personalize your own email messages.

 

QUICK REFERENCE

This section is a quick walkthrough of the general module structures.

 

FORGOTTEN PASSWORD DATABASE TABLE

Function Description & Quick Example
user_id Primary and foreign key, the user ID.
reset_hash A randomly generated hash to validate the reset.
reset_time When the request is made. Use to calculate the validity time, and to prevent spam.

 

FORGOTTEN PASSWORD LIBRARY FUNCTIONS

get($id)

Get a password reset request.

  • $id Int, the request ID.
request($email)

Step 1 – Generate a random security hash, send the reset link to the user.

  • $email The user’s email.

NOTE: Complete your own email format.

reset($id, $hash)

Step 2 – Validate the hash, generate a new random password, and email to the user.

  • $id The user ID.
  • $hash The security hash.

NOTE: Complete your own email format.

 

 

FORGOTTEN PASSWORD API

Accessible at http://yoursite.com/api/forgot/REQUEST/. These are pretty much a replica of the above library functions, except in REST API format. Feel free to delete api/API-forgot.php if you don’t intend to integrate an API.

api/forgot/request

Step 1 – Generate a random security hash, send the reset link to the user.

  • $_POST['email'] String, the user’s email.
api/forgot/reset

Step 2 – Validate the hash, generate a new random password, and email to the user.

  • $_POST['id'] The user ID.
  • $_POST['hash'] The security hash.

Leave a Comment

Your email address will not be published. Required fields are marked *