I'm building a reset password function on my site, and it is working pretty good. But I am a little uncertain at some points.
Right now I have a table like this:
password_change_request:
ID | user_id | token | created_time
In the user_id-field the users username will be stored. In the token -field, the genereted and encrypted token will be stored. And finally in the created_time, the timestamp for the request time will be stored.
Make the request:
When users enteres their email in the Forgot Password form, the system will look up in the users-table to check if the user exist. If the user do exist, it will find the users username.
It will also generate a token by encrypting the users email along with a random SALT.
Then it will send a link with the username and token to the entered email-address, like this: http://yoursite.com/login.php?action=reset&token=28130dh29sd129809sda802e&user=yourusername
The token will be extra encrypted when it is stored in the database.
Reset password:
When the user has clicked on the link, in the email, it will lead the user to a site that will check if there exist any request in the password_change_request-table, with the given username and encrypted token.
If it does, it will check if the request is over 2 hours old by calculating the difference between the created_time in the database and the current time.
If it is not over 2 hours old, two fields will appear, where the user can enter a new password, and then reenter it for security reasons.
When the user has entered a new password and then hit on the "Reset" button, a new SALT for the user will be generated and the new password, encrypted with the salt, will be updated in the users-table.
When the new password has been updated and if the request is over 2 hours old, the request will be deleted in from the password_change_request-table.
Is this a good way to do it? It has been inspired by WordPress and other answers on this site.
But one thing I could find was what would happen to the request when it has been used/expired?
Should it just be deleted permanently from the database? I cannot seem to find another way to do so. Without this feature, the user could just be reusing the link, again and again.
So beside if it is a good way or not, the main question is how to handle the requests after they have been used or expired?
Or should I just put the token in a column of the users-table, like WordPress do, and then just clear the field, when request has been used/expired?
Hope someone can help me :)
- TheYaXxE