Build your own Forgot Password PHP Script

This tutorial is about building a forgot password system(Password Resetting System) with PHP when password is encrypted with MD5() ,SHA1() or any other encryption algorithm .

forgot password php

forgot password php

When you are storing the passwords of users in plain text then you can easily send their password to their email id.But in case of encrypted password  it is not possible to send the plain password to the users because you can not decrypt these passwords.

Basically there are two ways to reset the passwords.First one is assign a random password to the user and send to their email id,but this method can be misused by other users .For example any member can reset other member’s password if he knows email id.So i will not recommend two use this method.Second method is instead of changing the password , assign a random token for that user when he request for password reset.Store this token into your database and also send this token to user’s email id.The best way to send the token is in form of a link .See the link below…

<a href=””>Reset Password </a>

When user will click on this link you will can easily determine that which user wants to change the password after getting value of token by $_GET[‘token’] and compare this value to all available tokens.Now start a session and ask  for new password to your user and store the password in encrypted format in your database.After successful password reset either delete the token or mark that token as used .

If you understand the above method of resetting password then its time code the PHP script.Here is step by step guide to build your own Forgot Password PHP Script.

1).Build tables and database-At first you need to create a file which includes settings for your database to connect.The code is given below ,you just need to change values of all variables.Now open PHPMyAdmin and import the sql file available in attachment or manually create a table name “token” containing three fields email ,password and used.


2).Password reset form-Build a simple form using HTML which ask for email id of user.You may use CAPTCHA for better security.I am doing this without CAPTCHA so here is the code .

3).Assign a token and mail it-After getting email id of user first check that email id exist in your database or not.If email id exist then assign a random token ,store the token in a table say “token” with user’s email id and send a password reset link to the user.

4.)Change the password-When user clicks on password reset link ,first check if it is valid or not.If it is valid then start a session and ask for new password.


 Download Source



Incoming Search Terms:

  • forgot password php code free download
  • how to reset password in php
  • simple password reset script for dummies
  • Beautiful, creative and
    acutely enjoy able!

  • I have been lookig for this code for a week. Thanks for sharing…

  • meet

    i am getting the mail…but my reset link not working…plus on reset.php page you mention the collumn used=0…so what should i do? i have to create a collumn name used in tokens table

    • Import the table “tokens.sql” from download source there is already a column named “used”.If you have created table manually then you have to add that column.Without “used” column it will not work.

      • meet

        thanks for your help…amit…but in reset.php page program does not execute on if(!isset($_POST[‘password’])){} the same thing happen in if(isset($_POST[‘password’])&&isset($_SESSION[’email’])) ….what should i do?

        if you want to see what is happening here is link…click on forgot password link on login page and help me..

        • meet

          it’s done amit…thankyou so much for your great support!!!:-)

          • Well ,while cross checking this script I have found a bug which was sending an email to non-registered user. Please replace line 17 of forgotpassword.php with given code.

            if($n==0){echo “Email id is not registered”;die();}

  • Connor

    Hi Amit
    Nice script thank you very much. I’m having a small issue: The email is received but the link only points to the main page not the reset.php page. Any idea’s how I’ve manged to mess this up.

    • Replace line 41 of forgotpassword.php with given code…

      Click on the given link to reset your password Reset Password

      • Connor

        Hi Amit

        Apologies, not sure I understand
        This is my code at line 34:
        $uri = ‘http://’. $_SERVER[‘HTTP_HOST’] ;
        and this is line 41:
        Click on the given link to reset your password Reset Password
        Your assostance greatly apprecited.

        • Line 34 is ok…actually I have misplaced a double quote at line 41.So if you replace line 41 with correct code ,it will work fine.I have already updated the tutorial either you can copy the same line or you can download the updated source from same download link.If you have still any problem feel free to ask..

  • A H KHAN

    Failed to connect to mailserver at “localhost” port 25, verify your “SMTP” and “smtp_port” setting in php.ini or use ini_set()

    • Probably you are testing this this script on your local system .To avoid this error simply use any free hosting site .or
      use these settings
      ini_set(“SMTP”,””);//You need to find mail server of your ISP.

  • nilesh

    Warning: mail() [function.mail]:
    Failed to connect to mailserver at “localhost” port 25, verify your
    “SMTP” and “smtp_port” setting in php.ini or use ini_set() in C:wampwwwforgot passwordforgotpassword.php on line 51

    • You need to configure your system to send mail.It’s better to test this script on any hosting server.

      • zedric

        so it wont work on xampp server ?? this tut right ?

  • paresh


  • Elena Valari

    Thanks a lot for this code, but i have the same problem about the connection:

    Failed to connect to mailserver at “localhost” port 25, verify your “SMTP” and “smtp_port” setting in php.ini or use ini_set()…

    Where i have to put the code about the ini_set()?

    • Try this code on any hosting server(like instead of your local host.

      • naqqash

        Respected Sir
        Please explain it that where i will have to change (like instead of local host.

        • I am not saying to change anything in code.You can check this code on any free hosting server instead of your system.

          • naqqash

            Please sir may you tell me something about this function so that i could perform it on local host or any other way to send mail from local host

          • naqqash

            Respected Sir,
            I have done all settings step by step according to this tutorial

            but receiving same error as before.please help me that what should i do. thanks in advance

          • naqqash

            I have done according to above link but could’ t understand anything please may you send another link by using this i can send mail on local host

          • naqqash

            Sir i want to confirm that your giving source code have only 1
            token.sql and even 1 table tokens. but in your code you are using two tables like : “tokens” and “users”.I want to confirm that will user
            saved the email into two tables like “users” and token at the time of
            registration ?

          • There is need to save anything in token table at the time of registration .”Token” table will only used at the time of password reset.

    • naqqash

      i have also same problem

      Warning: mail() [function.mail]:
      Failed to connect to mailserver at “localhost” port 25, verify your
      “SMTP” and “smtp_port” setting in php.ini or use ini_set()

      please tell me some thing that how to used ( on local host.

      i will be very very very very very thankful to you


    Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in C:AppServwwwnewTunisiaHack1forgotpassword.php on line 16
    Email id is not registered ???????

    • Make sure that your email id is inserted in table.

  • Milad


    thanks to your code
    link to reset page works fine and passed the token but my code in reset page not to be execute!!!please help me

    • Paste your error if you are getting any and also print every query during test ,you will able to find out error.

  • Dono

    i had a problem while in reset.php page,

    Notice: Undefined variable: email in C:xampphtdocsforgotpasswordreset.php on line 15,

    i don’t know why it happen because i am still new in php, maybe it’s baecause if statement??

    • error_reporting(E_ALL ^ E_NOTICE);

      //add this line at beginning of reset.php

  • Vishal

    Sir i dont got mail ..

    • Make sure you are able to send mail from your server.

      • Vishal

        and i use

        postfix mail server

  • Vishal

    Sir I done my mail server but i can not get email why ?
    We have sent the password reset link to your email id

    • Check the Spam Folder.

      • Vishal

        Sir i check both .. but dont have any , help me sir please

        • OK, send a test mail using PHP mail() then comment here if you have received mail.

        • and I have tested this script it’s always works for me.

        • Have you received any mail?

  • Vishal

    No i dont get any mail

    • It means your server is not sending mail.There is a problem with postfix mail server configuration.I have never used postfix so I don’t have any idea so you can search on Google for correct configuration.

  • Vishal

    Sir all done .. but why my database pass not change …
    i got pass change successfully message but .. but in database pass not change why ?
    echo ‘
    enter your new password:

    $q=”INSERT INTO t_account ( pwd , pw2 ) VALUES(‘$password’,'”.md5($_POST[‘password’]).”‘)”;

  • Greg

    VERY VERY USEFULL!!! again thanks for providing the source code.. haveing a hard time here to follow the steps..

  • Vinay

    Amit.. I used your rating script. It’s working perfectly fine.. I just
    found a glitch though… Say for the first time I rated just the first
    one to 5… I refreshed the page… And I see that rating for all 3_ID’s
    are filled up as 5… Can you please help me in fixing it ?

  • Kurt Chun

    Really appreciate~! Thankss~

  • Kim Vojensky

    Hello, I get an error: that the password was changed successful AND an error occurred. Can you help with that? The password is not updated. Thank you for the tutorial, I’m learning quite a bit!


  • Florin

    I receive this error:

    Your password is changed successfullyAn error occurred

    in my database not changed password

  • Himanshu

    Thanks budy it works for me

  • vimal

    hai amit sir, recently im using this code thanks,all is done but i have one error please resolve this.Notice: Undefined index: password in C:wampwwwforgotpasswordreset.php on line 18

    • r3

      if(isset( …check password….)){ code here….} it may be work, try it

      • vimal

        yes its working,thanks r3…

      • adelson1

        Sorry but i dont understand. what do i have to insert inside if(isset ?

  • Harry

    I am getting this error….i google it but not getting any solution.
    Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in forgotpassword.php on line 16

  • Akash Dongre

    Password gets updated. But when I am try to login it gets fail.

  • This is a most important blog and it’s a very helpful for us . Thanks for sharing .

  • Muhammad Tauqeer

    if i want to change password again of same email then it show me error of invalid password or password already changed..its because of used 0 and used 1..plese tell me how i can overcome