
generating a unique URL to access a secure page on my website

I have a 'forgot your password' link which, when opened, prompts the user to enter their account password. However, I then want to create a unique URL which will be sent in the email. When clicked, it will take the user to the change_password.php page on the website.

I can generate a unique ID using MD5 and unique(), but it's from here that I am not too sure how to add it onto an href to access the change_password.php page.

Any help will be greatly appreciated.


The only solution is to append the md5 to the query string of the link in the email. This is not very secure, but there is not really a more secure option short of giving them their password verbally over a secure land line.

Once the user clicks the link, you get the md5 from GET and compare it to their temporary password to give them access to the "reset password" page where they can type in their password securely and it is stored securely.

After they click this link to get access to the reset password page once, you should immediately destroy the temporary password (whether or not they actually go through with resetting it). The link should work only one time.


You can add additional URL parameters to the change_password.php page, e.g. "token".

While generating the unique URL, generate a value for this token and store it in the database along with a TTL (time to live) and the username.

When a request comes to change_password.php, retrieve that parameter and look it up in the DB to fetch the TTL and the corresponding username. If the token has not expired, then you can allow the password for that user to be reset / changed.
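The flow from both answers (a token in the query string, stored with a TTL and username, valid for one click only) can be put together as follows. This is an added example, not code from either answer; the table and column names, the `example.com` host and the user `alice` are assumptions, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for the site's real one.

```php
<?php
// Added example, not code from the original answers. Schema and host are assumptions.
$db = new PDO('sqlite::memory:');            // stand-in for the site's real database
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password_resets (
    token_hash TEXT PRIMARY KEY, username TEXT NOT NULL, expires_at INTEGER NOT NULL)');

// Called from the "forgot your password" handler: returns the URL to e-mail.
function create_reset_url(PDO $db, string $username, int $ttl = 1800): string
{
    $token = bin2hex(random_bytes(32));      // 256 bits from the CSPRNG, not an md5 of a time-based id
    // Drop any earlier outstanding token for this user.
    $db->prepare('DELETE FROM password_resets WHERE username = ?')->execute([$username]);
    // Store only a hash, so a leaked table does not yield usable links.
    $db->prepare('INSERT INTO password_resets VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $username, time() + $ttl]);
    // example.com is a placeholder host.
    return 'https://example.com/change_password.php?token=' . urlencode($token);
}

// Called at the top of change_password.php: returns the username, or null to refuse.
function redeem_reset_token(PDO $db, string $token): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                         // malformed input never reaches the database
    }
    $hash = hash('sha256', $token);
    $stmt = $db->prepare('SELECT username, expires_at FROM password_resets WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Delete on first sight so the link works once, whether or not the reset completes.
    $del = $db->prepare('DELETE FROM password_resets WHERE token_hash = ?');
    $del->execute([$hash]);
    // Only the request whose DELETE actually removed the row may proceed.
    if ($row === false || $del->rowCount() !== 1 || (int) $row['expires_at'] < time()) {
        return null;                         // unknown, already used, or expired
    }
    return $row['username'];
}

// Constructed walk-through with a made-up user.
$url = create_reset_url($db, 'alice');
parse_str(parse_url($url, PHP_URL_QUERY), $query);
var_dump(redeem_reset_token($db, $query['token']));     // first click on the link
var_dump(redeem_reset_token($db, $query['token']));     // replay of the same link
var_dump(redeem_reset_token($db, str_repeat('0', 64))); // well-formed but unknown token
```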
