Forgot Password Recovery using PHP and MySQL Mailer

Issues and Improvements:

1. Password Parameter Issue:

   • The script tries to fetch the password from the URL ($_GET['passsword']), which might not be secure. Typically, password reset systems involve generating a unique token rather than directly manipulating passwords in the URL. This would be a more secure way to reset the password.

2. SQL Injection Protection:

   • The current query is vulnerable to SQL injection because the user input (email) is being inserted directly into the SQL query without sanitization. Use prepared statements to avoid this risk.

3. Email Sending with PHPMailer:

   • You're using both the PHP mail() function and PHPMailer. Since you're already including PHPMailer, it would be more consistent to use it for sending the email instead of mixing it with the PHP mail() function.

4. Error Reporting:

   • The error reporting (error_reporting(0)) is suppressing any potential errors. It's better to log or display errors in a development environment and suppress them in production.

5. Password Update Flow:

   • The password update part of the flow ($query2 = mysqli_query($con,"UPDATE password SET passsword='$password' WHERE email='$email'")) might not be working because the A password column in the database might have different naming or formatting (you should confirm column names and avoid directly setting a password like this).

Updated PHP Code:

<?php
error_reporting(E_ALL); // Enable error reporting for better debugging

$errors = '';

if (isset($_POST['submit']) && $_POST['submit'] == 'Send') {
    $email = $_POST['email'];
    
    // Check if the email exists in the database
    $con = mysqli_connect("localhost", "root", "123456", "register_login");
    
    if (mysqli_connect_errno()) {
        die("Failed to connect to MySQL: " . mysqli_connect_error());
    }

    // Use prepared statements to prevent SQL injection
    $stmt = $con->prepare("SELECT * FROM user_login WHERE email=?");
    $stmt->bind_param("s", $email); // 's' means the variable is a string
    $stmt->execute();
    $result = $stmt->get_result();

    if ($result->num_rows == 1) {
        // Generate a unique password reset token (this would be sent in the email)
        $reset_token = bin2hex(random_bytes(16)); // 16 bytes -> 32 chars

        // Save the token in the database for later verification (with expiration time if needed)
        $stmt = $con->prepare("UPDATE user_login SET reset_token=? WHERE email=?");
        $stmt->bind_param("ss", $reset_token, $email);
        $stmt->execute();

        // Send email with reset link
        require 'phpmailer/PHPMailerAutoload.php';
        $mail = new PHPMailer;
        $mail->isSMTP();
        $mail->Host = "smtp.gmail.com";
        $mail->SMTPAuth = true;
        $mail->Username = "your-email@gmail.com"; // Your email
        $mail->Password = 'your-password'; // Your email password
        $mail->Port = 587;
        $mail->SMTPSecure = 'tls';
        $mail->setFrom("your-email@gmail.com", "Your Name");
        $mail->addAddress($email);
        $mail->addReplyTo("your-email@gmail.com", "Your Name");
        $mail->isHTML(true);
        $mail->Subject = 'Password Reset Request';
        
        // Password reset link with token
        $resetLink = "http://localhost/ForgotPassword/resetpassword.php?email=$email&token=$reset_token";
        $mail->Body = "Click <a href='$resetLink'>here</a> to reset your password.";

        if ($mail->send()) {
            $errors = '<div class="alert alert-success" role="alert">A password reset link has been sent to your email address.</div>';
        } else {
            $errors = '<div class="alert alert-danger" role="alert">Failed to send email. Please try again later.</div>';
        }
    } else {
        $errors = '<div class="alert alert-danger" role="alert">Sorry, this email does not exist in our records.</div>';
    }
    $stmt->close();
    mysqli_close($con);
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <meta http-equiv="X-UA-Compatible" content="ie=edge">
    <title>Forgot Password</title>

    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css">
    <link rel="stylesheet" href="css/styles.css">
    <link href="https://fonts.googleapis.com/css?family=Bayon|Francois+One" rel="stylesheet">
</head>
<body>

<div class="container-fluid">
    <div class="row justify-content-center">
        <div class="col-md-4 mt-5 rounded">
            <div class="card">
                <h5 class="card-header info-color white-text text-center py-4">
                    <strong>Forgot Password</strong>
                </h5>
                <div class="card-body px-lg-5 pt-0">
                    <form class="text-center" action="forgotpass.php" method="POST">
                        <?= $errors ?>
                        <div class="md-form">
                            <input type="email" name="email" id="email" class="form-control" placeholder="E-mail">
                        </div>
                        <button class="btn btn-outline-info btn-rounded btn-block my-4 waves-effect z-depth-0" type="submit" name="submit" value="Send">Send Code To Mail</button>
                        <a href="signin.php">Sign In</a>
                    </form>
                </div>
            </div>
        </div>
    </div>
</div>
</body>
</html>

Key Changes:

• Prepared Statements: Used for querying the database to avoid SQL injection.

• Token Generation: Instead of passing the password directly, a unique token is generated and stored in the database. This will be used to reset the password.

• PHPMailer: Replaced the mail() function with PHPMailer for a more consistent and reliable email sending process.

• Error Reporting: Adjusted error reporting for better debugging.

Next Steps:

• Implement a resetpassword.php page to handle the password reset using the token parameter.

• Ensure your database stores the reset token and has an expiration time for better security.