I want to make a password reset functionality for protected pages in WordPress for non-logged-in users.
The email of these people is stored in our database, and the page has a default random password.
Based on their e-mail address which they type in in a login form, if that email address is found in our database, they would receive an email with a reset link to that email address, which would point to a password reset page, where they could do the change.
Is this possible in WordPress in a way that is secure too? How would I go about it?
Yes it is possible using the below 15 steps...
1. Create password reset page with input for user email address
2. Post user email address to same page
3. Query database table to verify email address belongs to a registered user
4. Create random string of characters, recommended 32 characters long
5. Store random string in database table
6. Create password reset URL
7. Password reset URL should direct to password reset page on your site
8. Include the random string as a query parameter in the password reset URL
9. Include the user email address as a query parameter in the password reset URL
10. Email password reset URL link to user
11. When the user clicks on the password reset URL link, it will open the password reset page
12. Capture the random string and user email query parameters
13. Query database table to verify email address belongs to a registered user
14. Crosscheck the random string query parameter associated with the verified email address against the value stored in step 5
15. If match, proceed to allow user to change password value
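
The token handling in the steps above, sketched as an added example in plain PHP; it is not part of the original answer and is not WordPress's own code. Assumptions that go beyond the answer: the table keeps only a SHA-256 hash of the random string, the link expires after one hour, and it stops working once the password has been saved. The function names, the `key` and `email` parameter names, and the array standing in for the database table are hypothetical.

```php
<?php
// Added example: plain PHP; an array stands in for the database table.
const RESET_TTL = 3600; // assumed lifetime in seconds (not set by the steps above)

// Steps 4-9: create the random string, store it, build the reset URL.
function create_reset_link(array &$table, string $email, string $page_url, int $now): string {
    $token = bin2hex(random_bytes(16)); // 32 hex characters from a CSPRNG
    // Store only a hash so a leaked table does not yield working links.
    $table[strtolower($email)] = [
        'hash'    => hash('sha256', $token),
        'expires' => $now + RESET_TTL,
    ];
    return $page_url . '?' . http_build_query(['key' => $token, 'email' => $email]);
}

// Steps 12-15: capture both query parameters and cross-check them.
// $consume is false when showing the form, true when the new password is saved.
function verify_reset_request(array &$table, array $query, int $now, bool $consume): bool {
    $email = $query['email'] ?? '';
    $token = $query['key'] ?? '';
    if (!is_string($email) || !is_string($token) || $token === '') {
        return false;
    }
    $email = strtolower($email);
    $row = $table[$email] ?? null;
    if ($row === null) {
        return false;
    }
    if ($now > $row['expires']) {
        unset($table[$email]); // expired entries are dropped
        return false;
    }
    // hash_equals compares in constant time.
    if (!hash_equals($row['hash'], hash('sha256', $token))) {
        return false;
    }
    if ($consume) {
        unset($table[$email]); // single use: a replayed link fails afterwards
    }
    return true;
}

// Constructed sample run.
$table = [];
$now = 1700000000;
$link = create_reset_link($table, 'reader@example.com', 'https://example.com/reset/', $now);
parse_str((string) parse_url($link, PHP_URL_QUERY), $query);
var_dump(verify_reset_request($table, $query, $now + 60, false)); // page load
var_dump(verify_reset_request($table, $query, $now + 120, true)); // password submit
var_dump(verify_reset_request($table, $query, $now + 180, true)); // same link again
```

The caller is expected to have done step 3 (confirming the address is registered) before calling `create_reset_link`, and to show the same confirmation message whether or not the address was found.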