how to create forgot password page securely in php.It send message to email for verify set new password .

It sounds like you're asking for a secure workflow for when someone forgot a password. If you're looking for an implementation in PHP, you should provide much more detail and also focus on a specific step in the process. Are you using a PHP framework? For Laravel, this could be useful for part of the feature: https://laravel.com/docs/7.x/passwords Hopefully you keep your user's email address stored in your database. Get the user to enter the email address associated with the account. Don't assist the user by saying if the account exists or not while typing it in. Also, don't provide any select-dropdown or search feature because you'll be exposing every user's private email address. Set a randomized temporary token on that user's account. Don't immediately invalidate the password because the person resetting the password hasn't proven he's the owner of the account. Also, let the temporary token expire after 24 hours or so. Email the randomized token to the email address in a link or displayed code. After clicking the link, allow the user to set a new password and confirm it. Upon confirming, update the password and clear the temporary token so no one else can use it to set any new passwords.