I have used a sha256 hashing algorithm in order to provide some
security to my login facility. I now want to create a facility
whereby, if the user forgets their password, they are emailed a
temporary password so that they can login. Has anyone had any
experience implementing this?
On Wed, Feb 11, 2009 at 11:35 PM, Shockmeister
[email protected]wrote:
I have used a sha256 hashing algorithm in order to provide some
security to my login facility. I now want to create a facility
whereby, if the user forgets their password, they are emailed a
temporary password so that they can login. Has anyone had any
experience implementing this?
Generally if you’re using a hash to store the password, then you will
need
to send users to a page where they can enter a new password.
You can do this by generating a temporary token (random value) that you
include in a url you mail to the user and set it to expire within a few
minutes of being generated. Make sure it’s enough time for the password
to
be reset.
Andrew T.
http://ramblingsonrails.com
http://www.linkedin.com/in/andrewtimberlake
“I have never let my schooling interfere with my education” - Mark Twain
Cheers Sazima thats a great help!