How to Create Secure Forgot and Reset Password System in PHP and MySQL β Complete Guide 2026
One of the most important features in every modern website or web application is the Forgot Password and Reset Password System. Users often forget passwords, and without a secure password recovery system, they may lose access to their accounts permanently.
If you are searching for:
Forgot Password PHP
Reset Password PHP MySQL
PHP Login System
Secure Authentication PHP
Password Reset Email PHP
Forgot Password Tutorial
PHP Reset Link System
then this complete tutorial is for you.
Official Website:
In this detailed guide, you will learn how to build a professional Forgot Password and Reset Password system using:
PHP
MySQL
PDO
Bootstrap 5
Email Reset Links
Secure Tokens
Password Hashing
This tutorial is ideal for:
Beginners
Students
Developers
Freelancers
Bloggers
School systems
Inventory systems
Accounting systems
Hotel systems
POS systems
Read more tutorials at:
Why Forgot Password Systems Are Important
Many websites lose users because they do not provide an easy way to recover forgotten passwords.
A secure password reset system helps users:
Recover accounts
Improve security
Reset passwords safely
Protect user data
Reduce support requests
Every professional system should include:
Login
Register
Forgot password
Reset password
Session security
Password hashing
Website:
Features of a Secure Reset Password System
A modern password reset system should include:
1. Email Verification
The system should verify that the email belongs to a registered user.
2. Secure Reset Token
Each password reset request should generate a secure random token.
3. Expiry Time
Reset links should expire after a certain time.
4. Password Hashing
Passwords should never be stored in plain text.
5. Prepared Statements
Prepared statements help prevent SQL injection.
6. CSRF Protection
The system should protect forms against attacks.
Website:
Technologies Used
PHP
PHP is a powerful backend language for web applications.
Advantages:
Easy to learn
Flexible
Fast
Supports databases
Large community
MySQL
MySQL stores:
Users
Passwords
Tokens
Expiry times
Bootstrap 5
Bootstrap helps create:
Modern forms
Responsive pages
Professional UI
Mobile-friendly layouts
PDO
PDO helps:
Secure queries
Prevent SQL injection
Improve database handling
Website:
Database Structure
First create the users table.
Users Table
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(100) UNIQUE,
email VARCHAR(150) UNIQUE,
password VARCHAR(255),
reset_token VARCHAR(255) NULL,
reset_expires DATETIME NULL,
created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
);
Website:
Database Connection File
Create:
config.php
Code:
<?php
$host = "localhost";
$dbname = "authentication_system";
$user = "root";
$pass = "";
try {
$pdo = new PDO(
"mysql:host=$host;dbname=$dbname;charset=utf8mb4",
$user,
$pass
);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
die("Database connection failed");
}
?>
Website:
User Registration System
Before creating forgot password functionality, users must register.
Registration Form
<form method="POST">
<input type="text" name="username" placeholder="Username">
<input type="email" name="email" placeholder="Email">
<input type="password" name="password" placeholder="Password">
<button type="submit">Register</button>
</form>
Registration PHP Code
<?php
require 'config.php';
$username = $_POST['username'];
$email = $_POST['email'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$stmt = $pdo->prepare(
"INSERT INTO users(username,email,password)
VALUES(?,?,?)"
);
$stmt->execute([
$username,
$email,
$password
]);
?>
Website:
Creating Login System
Login Form
<form method="POST">
<input type="text" name="username">
<input type="password" name="password">
<button type="submit">Login</button>
</form>
Login PHP Code
<?php
session_start();
require 'config.php';
$username = $_POST['username'];
$password = $_POST['password'];
$stmt = $pdo->prepare(
"SELECT * FROM users WHERE username=? LIMIT 1"
);
$stmt->execute([$username]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user && password_verify($password, $user['password'])) {
$_SESSION['user_id'] = $user['id'];
header("Location: dashboard.php");
} else {
echo "Invalid login";
}
?>
Website:
Creating Forgot Password Page
Now let us create the forgot password functionality.
Create file:
forgot_password.php
Forgot Password Form
<form method="POST">
<input type="email" name="email" placeholder="Enter email">
<button type="submit">Send Reset Link</button>
</form>
Forgot Password PHP Code
<?php
require 'config.php';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$email = trim($_POST['email']);
$stmt = $pdo->prepare(
"SELECT id,email FROM users WHERE email=? LIMIT 1"
);
$stmt->execute([$email]);
$user = $stmt->fetch(PDO::FETCH_ASSOC);
if ($user) {
$token = bin2hex(random_bytes(32));
$token_hash = hash('sha256', $token);
$expires = date("Y-m-d H:i:s", time() + 3600);
$stmt = $pdo->prepare(
"UPDATE users
SET reset_token=?, reset_expires=?
WHERE id=?"
);
$stmt->execute([
$token_hash,
$expires,
$user['id']
]);
$resetLink = "https://faulink.com/reset_password.php?token=" . urlencode($token);
echo $resetLink;
}
}
?>
Website:
Sending Password Reset Email
The system should email the reset link to users.
PHP Mail Example
<?php
$subject = "Reset Password";
$message = "Click the link below to reset your password:\n\n";
$message .= $resetLink;
$headers = "From: no-reply@faulink.com";
mail($email, $subject, $message, $headers);
?>
Website:
Creating Reset Password Page
Create file:
reset_password.php
Reset Password PHP Code
<?php
$password = $_POST['password'];
$confirm = $_POST['confirm'];
if ($password !== $confirm) {
$error = "Passwords do not match";
} else {
$hashed = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare(
"UPDATE users
SET password=?,
reset_token=NULL,
reset_expires=NULL
WHERE id=?"
);
$stmt->execute([
$hashed,
$user['id']
]);
$success = "Password updated successfully";
}
}
?>
Website:
Reset Password Form
<form method="POST">
<input type="hidden" name="token" value="<?= htmlspecialchars($token) ?>">
<input type="password" name="password" placeholder="New Password">
<input type="password" name="confirm" placeholder="Confirm Password">
<button type="submit">Update Password</button>
</form>
Website:
Password Hashing
Never store passwords in plain text.
Secure Password Hashing
password_hash($password, PASSWORD_DEFAULT)
Password Verification
password_verify($password, $hash)
Website:
Why Secure Tokens Are Important
A reset token helps verify the password reset request.
A good token should:
Be random
Be unique
Be long
Expire automatically
Example:
$token = bin2hex(random_bytes(32));
Website:
Common Forgot Password Errors
1. Token Invalid
This happens when:
token expired
wrong token
modified URL
2. Email Not Sending
Check:
hosting mail support
SMTP settings
spam folder
3. Password Not Updating
Check:
database connection
password column length
SQL queries
4. Redirecting to Login Page
Check:
session logic
require_login()
authentication checks
Website:
Bootstrap 5 Professional UI
Bootstrap helps create:
attractive forms
responsive pages
mobile layouts
modern UI
Example:
<div class="card shadow p-4">
<h3>Forgot Password</h3>
</div>
Website:
Security Best Practices
Use HTTPS
Always use SSL certificates.
Use PDO Prepared Statements
Prepared statements prevent SQL injection.
Use Strong Passwords
Require:
numbers
uppercase letters
symbols
minimum length
Expire Reset Tokens
Never allow permanent reset links.
Regenerate Sessions
Use:
session_regenerate_id(true);
Website:
SEO Benefits of Authentication Tutorials
Authentication tutorials are highly searched online.
Popular searches include:
forgot password php
reset password mysql
php login system
secure authentication php
php registration system
These tutorials can generate:
Google traffic
AdSense revenue
clients
backlinks
source code downloads
Website:
How to Monetize PHP Tutorials
1. Google AdSense
Add ads to:
tutorial pages
source code pages
coding articles
2. Sell Source Codes
Developers buy:
login systems
school systems
hotel systems
inventory systems
3. Freelancing
Clients may hire you for:
customization
debugging
security improvements
hosting setup
4. Affiliate Marketing
Promote:
hosting providers
domain companies
coding tools
AI tools
Website:
Frequently Asked Questions
Is PHP secure for authentication?
Yes, when using:
password hashing
PDO
secure tokens
session security
Is PDO better than MySQLi?
PDO is flexible and secure.
Can beginners create login systems?
Yes. Beginners can start with simple authentication projects.
Can reset links expire?
Yes. Expiry improves security.
Is Bootstrap necessary?
No, but Bootstrap helps create professional interfaces.
Website:
Advanced Improvements
You can improve your system further using:
SMTP email sending
PHPMailer
OTP verification
Two-factor authentication
Email verification
Remember me functionality
Social login
Website:
Conclusion
A professional Forgot Password and Reset Password system is extremely important for every modern web application.
Using:
PHP
MySQL
PDO
Bootstrap
Secure tokens
Password hashing
You can create a secure authentication system suitable for:
school systems
accounting systems
inventory systems
hotel systems
blogs
business applications
This project can help you:
improve PHP skills
get freelancing clients
grow website traffic
earn AdSense revenue
sell source codes online
For more tutorials about:
PHP Login Systems
School Management Systems
Inventory Systems
POS Systems
Hotel Systems
Bootstrap Templates
AI Tools
SEO Tutorials
visit:
π Unahitaji mfumo au website ya biashara?
Chagua huduma hapa chini kisha mteja bofya moja kwa moja kwenda kwenye ukurasa wa huduma au kuwasiliana nasi kwa WhatsApp.