Everyone forgets their password from time to time and it's likely that a user may wish to be reminded of their password. However, we cannot send them their password as we don't have it; we are only storing a hash of it—the password isn't actually stored in the database. The user will have to reset their password; generating a new hash as they do so.
We want to be sure that a user has genuinely requested a new password, therefore, we're going to add a column in the register table to support this. The new column called forgot_password
will contain a code which we will generate when a new password is requested; and we will check that code when the user is redirected back to the site from a url in an e-mail, which we will also send to them. Copy the following code into your database:
ALTER TABLE register ADD forgot_password INT(11) AFTER user_hash;