Hi I think your solution is the best out there but I have a question. How do yo insert the UserId? The user ins't logged in so the session variable equals 0. Or how do you get the UserId for the insert?
João Pedro Abreu wrote:
Though João himself can probably best answer that, I'll give my 2c. For a user to recover their password, there must be something identifying that user. That may be an e-mail address, or a username, or a debitnumber or whatever you use in combination with the password for login or identification, something that must be unique to the user. In the password recovery screen, you ask for that unique identification (again, typically a username or e-mail address), and you can use that to query your database an link it to whatever user identifier you are using internally.