Reset password facility


#1

I have used a sha256 hashing algorithm in order to provide some
security to my login facility. I now want to create a facility
whereby, if the user forgets their password, they are emailed a
temporary password so that they can login. Has anyone had any
experience implementing this?


#2

On Wed, Feb 11, 2009 at 11:35 PM, Shockmeister
removed_email_address@domain.invalidwrote:

I have used a sha256 hashing algorithm in order to provide some
security to my login facility. I now want to create a facility
whereby, if the user forgets their password, they are emailed a
temporary password so that they can login. Has anyone had any
experience implementing this?

Generally if you’re using a hash to store the password, then you will
need
to send users to a page where they can enter a new password.
You can do this by generating a temporary token (random value) that you
include in a url you mail to the user and set it to expire within a few
minutes of being generated. Make sure it’s enough time for the password
to
be reset.

Andrew T.
http://ramblingsonrails.com
http://www.linkedin.com/in/andrewtimberlake

“I have never let my schooling interfere with my education” - Mark Twain


#3

Lovd does just that, take a look at:

lovdbyless.com

http://github.com/stevenbristol/lovd-by-less/tree/master

Cheers, Sazima


#4

Cheers Sazima thats a great help!