I have another question though, I'm make a shopping site from ground and I'm pretty much learning it from ground up..
so forgive me that my lack of fundamental knowing of the ecommerce world, if user wanted to change their account password,
would it be appropriate or most importantly- secure, that my site send an email back to their email with link in it, that when they open it, it takes them to a page that ask them to input new password directly to database? My main concern is that the page will input the new password regardless of what the original password is,
but I think what strongly back this idea is that the link in theory is only accessible if the clicker can open that email account in the first place? So it should be secure right? Should I use this method?