Trying to Create an Email-Based Password Reset Feature but need to encrypt the URL
Change_password.php
<?php
if($_GET){
$email=base64_decode($_GET['email']);
}
else
{
echo "Url has no user";
}
if(isset($_POST['submit'])){
$email=$_POST['email'];
$password=$_POST['password'];
$obj=new commands();
$obj->update_password($email,$password);
}
?>
<form action="" method="post" id="my_form" class="mt-3">
<div class="form-group">
<label class="tags">ENTER NEW PASSWORD</label>
<input type="text" name="email" value="<?php echo $email; ?>">
<input type="password" name="password" id="password" class="form-control" autocomplete="off" placeholder="new password">
</div>
<div class="form-group">
<input type="submit" value ="submit" name="submit" class="btn btn-primary btn-block">
</div>
</form>
forgot_password.php
<?php
if(isset($_POST['submit'])){
$email=$_POST['email'];
$obj=new commands();
$obj->forgot_passowrd($email);
}
?>
<form action="" method="post" id="my_form" class="mt-3">
<div class="form-group">
<label class="tags">EMAIL ADDRESS</label>
<input type="email" name="email" id="email" class="form-control" autocomplete="off" placeholder="name@address.com">
</div>
<div class="form-group">
<input type="submit" value ="submit" name="submit" class="btn btn-primary btn-block">
</div>
</form>
Functions
function forgot_passowrd($email){
$to = $email;
$subject = "Forgot Password";
$url= base64_encode('/test/change_password.php?email=$email');
$message = "
<html>
<head>
<title></title>
</head>
<body>
<h1>Hello Change ur password</h1>
<a href='$url';>Change Password</>
</body>
</html>
";
$headers = "MIME-Version: 1.0" . "
";
$headers .= "Content-type:text/html;charset=UTF-8" . "
";
$headers .= 'From: <mymemail@gmail.com>' . "
";
mail($to,$subject,$message,$headers);
header('Location: login.php?msgF=' . urlencode(base64_encode("Check Mail To Reset Password")));
}
function update_password($email,$password){
$sql= $this->con->prepare("UPDATE user SET password=:password where email=:email");
$sql->bindParam(':email', $email);
$sql->bindParam(':password', base64_encode($password));
$sql->execute();
header('location:login.php');
$this->con= null;
header('Location: login.php?msgC=' . urlencode(base64_encode("Password Changes Succesfully")));
}
Here I am using email function to send an email to user to reset the password with attached $email in the url. I want to encrypt that url but after encryption that url in not accessible(Obviously) But is there any other way to encypt my url so email will be not visible the url and still the function of changing password works.
if you want to hide the email address from the public, you can encrypt the email address only not the entire URL.
'/test/change_password.php?email='.encrypt($email);
Then receive the email address like follow,
if($_GET){
$email=decrypt($_GET['email']);
}
I hope this help you.