Sometimes people forget. Usually it is when they need to get into their account or behind the nice ACL system you have setup. So, how do you handle the forgotten passwords?

With our sites we have a small form setup for people to fill in their email address, that will then send them an email with a replaced password, fill in the temporary password in the database, they then can use that new password to log in and change it.

The form in the view just asks for the email address of your blank-minded user. Since it is a user account interaction with the site we use the users_controller to run everything, thus this code goes into the views/users/forgot.ctp.

1
echo $form->create('User', array('action' => 'forgot'));<br />echo $form->input('email', array('label' => ''));<br />echo $form->end('Reset Password');

Next, add the forgot method to your in your users_controller. If we find an email in our database then we shall run the createTempPassword in our user model, Auth the resulting password and send a password.

1
function forgot() {<br /> if(!empty($this->data)) {<br /> $this->User->contain();<br /> $user = $this->User->findByEmail($this->data['User']['email']);<br /> if($user) {<br /> $user['User']['tmp_password'] = $this->User->createTempPassword(7);<br /> $user['User']['password'] = $this->Auth->password($user['User']['tmp_password']);<br /> if($this->User->save($user, false)) {<br /> $this->__sendPasswordEmail($user, $user['User']['tmp_password']);<br /> $this->Session->setFlash('An email has been sent with your new password.');<br /> $this->redirect($this->referer());<br /> }<br /> } else {<br /> $this->Session->setFlash('No user was found with the submitted email address.');<br /> }<br /> }<br />}

There are two odd calls in here. The first we are calling $this->User->createTempPassword() – which is a method in the models/user.php. It looks something like this:

1
function createTempPassword($len) {<br /> $pass = '';<br /> $lchar = 0;<br /> $char = 0;<br /> for($i = 0; $i < $len; $i++) {<br />&nbsp;&nbsp; 		while($char == $lchar) {<br />&nbsp;&nbsp;&nbsp;&nbsp;		$char = rand(48, 109);<br />&nbsp;&nbsp;&nbsp;&nbsp;		if($char > 57) $char += 7;<br />&nbsp;&nbsp;&nbsp;&nbsp;		if($char > 90) $char += 6;<br />&nbsp;&nbsp; 		}<br />&nbsp;&nbsp; 		$pass .= chr($char);<br />&nbsp;&nbsp; 		$lchar = $char;<br /> }<br /> return $pass;<br />}

It returns a random string that we are saving into the users table. After that we are using the Auth component to set that string as a hashed value, that overides that old password on Save. When we save it into the database, and everything goes smooth we run the Email Component -> which sends the email address an email.

First include the Email Component in the top of your users_controller.

1
var $components = array('Email');

And then in the same controller add the following code:

1
function __sendPasswordEmail($user, $password) {<br />	if ($user === false) {<br />		debug(__METHOD__." failed to retrieve User data for user.id: {$user['User']['id']}");<br />		return false;<br />	}<br />	$this->set('user', $user['User']);<br />	$this->set('password', $password);<br />	$this->Email->to = $user['User']['email'];<br />	$this->Email->bcc = array('Your-Domain Accounts <accounts@your-domain.com>');<br />	$this->Email->subject = 'Password Change Request';<br />	$this->Email->from = 'noreply@your-domain.com';<br />	$this->Email->template = 'users_'.$this->action;<br />	$this->Email->sendAs = 'both'; //&nbsp;&nbsp; $this->Email->sendAs = 'both';&nbsp;&nbsp; // you probably want to use both :)&nbsp;&nbsp; <br />	$this->Cookie->write('Referer', $this->referer(), true, '+2 weeks');<br />	$this->Session->setFlash('A new password has been sent to your supplied email address.');<br />	return $this->Email->send();<br />}

Done. Set the flash to inform the user of a sent out password. And a redirect back where they came from.

If you have another way to handle forgotten passwords in your sites, I would love to hear what you use, plugins or helpers to handle this kind of forgetfulness. Hit me up in the comments below.