Forgot password script. Posting of login details

If you are developing a member signup system, you need a forgot-password facility for your members. Members use this facility to recover a lost or forgotten password along with their login user ID. To verify the member we ask for the email address. The intention is to send the login details to the member's email address; we will not display them on the screen, so only the owner of the email address can open the mail and read the login details.

First we ask the member to enter the email address by submitting a form. Then we check the format of the email address and, if it is correct, collect the ID and password from the member table. If the email address is not in the table, we display an error message saying so, so that the visitor can sign up as a new member.

We use the same member table, plus_signup, that we used in our signup tutorial and login tutorial, so this can be used as a single script. You can download the full script with the login, signup and forgot password scripts at the end of this tutorial. All steps are explained with PHP comments between the steps. Use the PHP forum to post your bugs, errors etc.

// Note: the mysql_* functions used below were removed in PHP 7;
// on current PHP use mysqli or PDO with prepared statements instead.
$email=$_POST['email'];
$email=mysql_real_escape_string($email);
$status = "OK";
$msg="";
//error_reporting(E_ERROR | E_PARSE | E_CORE_ERROR);
// You can suppress the error message by uncommenting the above line
if (!stristr($email,"@") OR !stristr($email,"."))
{
$msg="Your email address is not correct<BR>";
$status= "NOTOK";
}

echo "<br><br>";
if ($status=="OK")
{ // validation passed now we will check the tables
$query="SELECT email,userid,password FROM plus_signup WHERE email = '$email'";
$st=mysql_query($query);
$recs=mysql_num_rows($st);
if ($recs == 0)
{ // No records returned, so no email address in our table
// let us show the error message
echo "<center><font face='Verdana' size='2' color=red><b>No Password</b><br>
Sorry Your address is not there in our database .

You can signup and login to use our site. <BR><BR><a href='signup.php'> Sign UP </a> </center>";
exit;
}
// fetch the row only after we know a record exists
$row=mysql_fetch_object($st);
$em=$row->email; // email is stored to a variable

// formatting the mail posting
// headers here
$headers4=""; // Change this address within quotes to your address
$headers="Reply-to: $headers4\n";
$headers .= "From: $headers4\n";
$headers .= "Errors-to: $headers4\n";

//$headers = "Content-Type: text/html; charset=iso-8859-1\n".$headers;// for html mail
// mail function will return true if it is successful
if(mail("$em","Your Request for login details","This is in response to your request for login details at site_name \n \nLogin ID: $row->userid \n Password: $row->password \n\n Thank You \n \n siteadmin","$headers"))
{
echo "<center><b>THANK YOU</b> <br>Your password is posted to your email address .
Please check your mail after some time. </center>";
}
else
{ // there is a system problem in sending mail
echo " <center>There is some system problem in sending login details to your address.
Please contact site-admin. <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}
}
else
{ // Validation failed so show the error message
echo "<center>$msg <br><br><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}

As you have seen, we can send the lost password to the email address of the member. But if the password is encrypted and stored, we can't retrieve the lost password, so we will generate an activation key and ask the member to use it to reset the forgotten password.
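
The activation-key approach mentioned above, as an added example that is not part of this tutorial's downloadable script: the key is random, only its hash is stored, it expires, and it works once. The plus_reset table, the function names and the 30-minute lifetime are assumptions, and the member row is constructed sample data in an in-memory SQLite database (requires pdo_sqlite).

```php
<?php
// Added example: activation-key reset flow for the plus_signup table.
// plus_reset, the function names and the 30-minute lifetime are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE plus_signup (userid TEXT PRIMARY KEY, email TEXT, password TEXT)");
$pdo->exec("CREATE TABLE plus_reset (userid TEXT PRIMARY KEY, token_hash TEXT, expires INTEGER)");
// Constructed sample member; the password column holds a hash, not the password.
$pdo->prepare("INSERT INTO plus_signup VALUES (?,?,?)")
    ->execute(['alice', 'alice@example.com', password_hash('old-secret', PASSWORD_DEFAULT)]);

// Returns the key to mail to the member, or null if the address is unknown.
function issue_reset_key(PDO $pdo, string $email): ?string {
    $st = $pdo->prepare("SELECT userid FROM plus_signup WHERE email = ?");
    $st->execute([$email]);
    $userid = $st->fetchColumn();
    if ($userid === false) { return null; }
    $key = bin2hex(random_bytes(32));            // 256-bit key from the CSPRNG
    // One pending key per member: a new request replaces the previous one.
    $pdo->prepare("REPLACE INTO plus_reset VALUES (?,?,?)")
        ->execute([$userid, hash('sha256', $key), time() + 1800]);
    return $key;                                 // only its SHA-256 hash is stored
}

// Sets the new password if the key is valid and unexpired, then deletes the key.
function redeem_reset_key(PDO $pdo, string $key, string $newPassword): bool {
    $st = $pdo->prepare("SELECT userid FROM plus_reset WHERE token_hash = ? AND expires > ?");
    $st->execute([hash('sha256', $key), time()]);
    $userid = $st->fetchColumn();
    if ($userid === false) { return false; }
    $pdo->prepare("UPDATE plus_signup SET password = ? WHERE userid = ?")
        ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $userid]);
    $pdo->prepare("DELETE FROM plus_reset WHERE userid = ?")->execute([$userid]);
    return true;
}

$key = issue_reset_key($pdo, 'alice@example.com');       // key that would be mailed
var_dump(issue_reset_key($pdo, 'nobody@example.com'));   // address not in the table
var_dump(redeem_reset_key($pdo, $key, 'new-secret'));    // first use of the key
var_dump(redeem_reset_key($pdo, $key, 'again'));         // same key used again
```

In a live form handler, show the same "check your mail" message whether or not issue_reset_key() found the address, so the page does not confirm which email addresses are registered.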