Login

02-07-2010, 03:08 AM

[eluser]JoostV[/eluser]

Quote:The way my client wants it is to have each member’s password displayed in the admin area so that whenever one of the members request to have their password sent back to their email he can do so by searching the member’s ID.

That sounds like your clients wants to send forgotten passwords by hand :ohh:

You could create a reset password routine, there's no need to send forgotten passwords.

1. visitor requests reset by filling in their username
2. a confirmation email with a reset code is automatically sent to the known email address. You can store the confirmation code (Sha1 hash) in the user's profile, along with an expiration timestamp
3. If the visitor clicks the link in the confirmation e-mail he is taken to the password reset page, like /reset/confirm/[hashcode]/[username]
4. The reset page checks the username, hascode and expiration time.
5. If all is well, the password is reset to a random string
6. The reset page saves the new password and sets the reset hashcode and expiration timestamp to NULL
7. The reset page automatically sends an e-mail to the visitor containing the new password