Lost Password

[eluser]giovannidc[/eluser]
I've created a simple login for my website and wanted to add a "Lost Password" feature and was wondering if I could get some suggestions on how this is done or to get some constructive criticism on my idea below.

My idea was to create a another table in my database:

Code:

CREATE TABLE IF NOT EXISTS `user_keys` (
  `key_id` bigint(20) NOT NULL AUTO_INCREMENT,
  `user_id` bigint(20) NOT NULL COMMENT 'Links to "users" table',
  `key_type` int(11) NOT NULL COMMENT '1 = Activation; 2 = Password Reset',
  `key_expiry_date` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
  `key` varchar(32) NOT NULL COMMENT 'random_string(''unique'');',
  PRIMARY KEY (`key_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ;

The idea is to generate a unique key using random_string(''unique''); that is valid for a period of 24 hours. A link is mailed to the user (e.g. http://myapplication.com/user/reset_pass...nique_key>) which sends him to a page to reset the password.

After 24 hours a function is called using a cron job to clear expired entries.

The idea is also to use this method to verify the user via their email address after registration.

[eluser]Bhashkar Yadav[/eluser]
you can create simple database table

Code:

CREATE TABLE IF NOT EXISTS `user_keys` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `user_id` int(10) unsigned NOT NULL,
  `unique_key` varchar(12) NOT NULL,
  `date` int(10) NOT NULL,
  PRIMARY KEY (`reset_id`)
)

insert into this table while user's request for lost password with random generated unique_key. And email the url of reset password, unique_key as url segment.

you can do further

[eluser]Bhashkar Yadav[/eluser]
forgot to mention.
please use table's date field type as TIMESTAMP it will be easy to track the time difference.