FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Most secure way to reset a password via email link
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Most secure way to reset a password via email link [message #185157 is a reply to message #185156] Wed, 05 March 2014 13:49 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 3/5/2014 8:02 AM, jvd_200089(at)yahoo(dot)co(dot)uk wrote:
> When resetting a password:
> 1) Emailing a new password that the user then logs in with and resets is the most simple method for non hashed passwords.
>
> 2) The other way involves sending a link for them to click on that redirects them to the password reset page but unless their email is secure anyone could click that link. What is special about this 2nd way? because thats what how my boss wants it to work because there is not point doing it that way if it isn't more secure than sending them a temporary new password.
>
> Also any source code examples for option 2 would be appreciated.
>

Either choice is only as secure as the email.

Actually doing it will be dependent on your installation. Basically,
you need to create a password reset page; when the user requests a new
password, generate a random string (the longer the better) and store it
somewhere, i.e. in a database. Then email a link with the random string
as a parameter to the url.

When the user clicks on the link and accesses your reset page, get the
parameter from the url and process the request.

--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: simple link won't show
Next Topic: Need help accessing the key array.
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Wed Nov 27 08:32:29 GMT 2024

Total time taken to generate the page: 0.04869 seconds