I want to implement a "forgot my password" feature, but I am not sure how to do that...
Well, I am going to ask the user for his/her email and the secret answer.
Then, if they match the data in the database, I will send an email with a link that should change his/her password.
This is where I am lost. How do I implement this last step?
forgot my password feature
klarinetking
Hi,
The best way I have found to do this is:
1) User requests to change their password
2) User Record is changed to inactive, and a key is generated and posted to the DB, and sent to the user.
3) User follows link (which includes key in GET) in e-mail, and has to input their username and secret answer.
4) If everything matches, provide a form to change the password. Change user record to active with the new pw.
Hope this helps
klarinetking
klarinetking wrote: 2) User Record is changed to inactive, and a key is generated and posted to the DB, and sent to the user.
There is no need to make the account inactive because: Evil user comes along. Requests to change someone's password on an account that isn't his - oh look that account is now inactive.
Shears
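An added example, not part of any post in this thread: a Python sketch of the key-based flow from steps 2 to 4 that leaves the account active, as the last reply suggests. The in-memory tables, the function names and the one-hour lifetime are assumptions, and the secret-answer check from step 3 is left out; it would sit next to the key check.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # assumed key lifetime in seconds; the thread gives none

# Constructed in-memory stand-ins for the user table and the reset-key table.
USERS = {"alice": {"email": "alice@example.com", "password": "old-hash", "active": True}}
RESET_KEYS = {}  # username -> (SHA-256 hex digest of the key, expiry timestamp)


def _digest(key):
    # Only a digest is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(key.encode()).hexdigest()


def request_reset(username, now=None):
    """Step 2: generate a key and return it for the e-mailed link.

    The account is never deactivated, so a request made by someone else
    cannot lock the real owner out.
    """
    now = time.time() if now is None else now
    if username not in USERS:
        return None  # the page shown to the requester should not reveal this
    key = secrets.token_urlsafe(32)  # unguessable, safe to put in a GET link
    RESET_KEYS[username] = (_digest(key), now + TOKEN_TTL)
    return key


def complete_reset(username, key, new_password_hash, now=None):
    """Steps 3-4: verify the key from the link, then set the password once."""
    now = time.time() if now is None else now
    stored = RESET_KEYS.get(username)
    if stored is None:
        return False
    key_hash, expires = stored
    if now > expires:
        del RESET_KEYS[username]  # expired keys are discarded
        return False
    if not hmac.compare_digest(key_hash, _digest(key)):
        return False  # constant-time comparison; the valid key stays usable
    del RESET_KEYS[username]  # single use: the link stops working afterwards
    USERS[username]["password"] = new_password_hash
    return True
```

`new_password_hash` is expected to be the output of the site's password hashing routine, never the plain-text password.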