Page 1 of 1

forgot my password feature

Posted: Sun Oct 22, 2006 7:56 pm
by murlopaz
I want to implement a "forgot my password" feature, but I am not sure how to do that...

Well I am going to ask the user his/her email and the secret answer.
Then if they match with the data in the database I will send an email with a link that should change his/her password

This is where I am lost. How do I implement this last step?

Posted: Sun Oct 22, 2006 8:27 pm
by Zoxive

Code: Select all

mail();
But more recently everyone has been using Swift Mail...

-NSF

Posted: Sun Oct 22, 2006 9:07 pm
by murlopaz
that wasn't my question...
I have to direct the user to a webpage where he/she can change the password

Posted: Sun Oct 22, 2006 9:31 pm
by klarinetking
Hi,

The best way I have found to do this is:

1) User requests to change their password
2) User Record is changed to inactive, and a key is generated and posted to the DB, and sent to the user.
3) User follows link (which includes key in GET) in e-mail, and has to input their username and secret answer.
4) If everything matches, provide a form to change the password. Change user record to active with the new pw.

Hope this helps :)

klarinetking

Posted: Tue Oct 24, 2006 7:03 pm
by Dave2000
klarinetking wrote:2) User Record is changed to inactive, and a key is generated and posted to the DB, and sent to the user.
There is no need to make the account inactive because: Evil user comes along. Requests to change someone's password on an account that isn't his - oh look that account is now inactive. 8O This could be a problem within some applications if people could just make whoever they please inactive :lol:

Shears

Posted: Fri Nov 03, 2006 3:54 pm
by Luke
haha stupid spammer... that was halarious... what a great solution to your problem! :lol: :lol: