Password Reminder / Reset
#1

[eluser]Radou[/eluser]
Hello,

I am interested in hearing from you on the best way of coding a "Forgot My Password" feature on a website developed using CI.

Documentation is great when it comes to authentication using CI, and I wrote this part of my website, but now that I am considering that people may forget their password, I want to offer that feature on the login form.

How can I:

1/ Generate a random generic password
2/ Send a user a mail that will expire in 24 h if no action is taken
3/ Offer users a reset password form

Your ideas on the kind of controllers and functions to be developed will be very helpful for me.

Thanks in advance for your thoughts

Radou
#2

[eluser]Otemu[/eluser]
Hi,

There are quite a few authentication libraries that already include these features; you could look at how they implement things or just use one of the libraries for your site.

If you're going to create a custom one, you could either create a custom library which could be used for future projects, or just make classes within your current site to handle this functionality.

Here is a basic concept that you could improve on. Once you have verified that the user can change his password, you could do something like this, which would update the user with a generic password, set the expiry and email the details:

Code:
function genericPassword($userEmail){
    $setExpiry = ''; // set expiry time
    // random_bytes() (PHP 7+) is a CSPRNG; rand() is predictable and unsuitable for passwords
    $gPassword = bin2hex(random_bytes(6)); // 12 hex characters
    // model call that stores the temporary password and its expiry for this user
    $updateUser = $this->changePassword->get_user($userEmail, $gPassword, $setExpiry);
    if($updateUser){
        $this->email->from('[email protected]', 'Your Name');
        // pass the variable itself: '$userEmail' inside single quotes is not interpolated
        $this->email->to($userEmail);
        $this->email->subject('Password Generic');
        $this->email->message('your temporary password is '.$gPassword.' with expiry time '.$setExpiry);
        $this->email->send();
        // redirect to some thank you page or display message
    }else{
        // failed
    }
}

To offer a user password reset form, each time a user signs in to your site you could check if they're using a temporary generated password; if the password is temporary then just redirect them to a reset form where they can now update their password.

This is a basic concept that definitely could be improved but hopefully helps you in the right direction. If you need further help let me know


#3

[eluser]TheFuzzy0ne[/eluser]
First, you'll need a table to store the password resets. In mine, I have the following fields:

member_id (So you can join this table with the table containing your member's data).
code (A randomly generated code, the more characters, the better).
requested_on (The timestamp for when the password reset was requested).

If a user needs a password reset, this is the process.
1) The user clicks on the "Forgot Password" link on the login page.
2) The user is prompted to enter their email address or username.
3) An entry is added to the password resets table, an email is sent to the member, and a message is displayed to the user telling them to check their emails (including their spam). The link contains the random code, and also their email address. This is to make it more difficult for people to try random reset codes, hoping to get lucky, and hijack someone's account.
4) The user clicks on the link to reset their password.
5) The server checks that the code is in the password reset table, and that the supplied email address belongs to the user in question. If all is well, one last check is carried out to make sure the link hasn't expired.
6a) If the link has expired, the user is told this, and must go through the process again. The entry is deleted from the password reset table.
6b) If the link hasn't expired, a form is displayed which allows them to change their password.
7) The user completes the form and submits it. The password is validated, and if it is strong enough, the user is logged in, and the entry is deleted from the password reset table.

CodeIgniter has a helper that can generate random strings, that are safe to use in URLs (without triggering a "The URI you have submitted contains disallowed characters" error). http://ellislab.com/codeigniter/user-gui...elper.html

However, it should be pretty simple coming up with your own function that can include some other characters too.

Hope this helps.
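
The reset flow described in post #3, as an added example that is not part of the original post or of any poster's code. Assumptions: PHP 7+ with PDO SQLite, a hypothetical members table, the function names, the 24-hour lifetime from post #1, and storing only a SHA-256 hash of the code (a hardening step the post does not mention).

```php
<?php
// Added example. password_resets columns follow post #3; everything else is assumed.
const RESET_TTL = 86400; // 24 hours

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
$db->exec('CREATE TABLE password_resets (member_id INTEGER, code TEXT, requested_on INTEGER)');
$db->exec("INSERT INTO members (id, email) VALUES (1, 'alice@example.com')"); // constructed row

// Step 3: add a reset entry and return the code to embed in the emailed link.
function request_reset(PDO $db, string $email, int $now): ?string {
    $q = $db->prepare('SELECT id FROM members WHERE email = ?');
    $q->execute([$email]);
    $id = $q->fetchColumn();
    if ($id === false) return null;    // show the same "check your email" page either way
    $code = bin2hex(random_bytes(32)); // CSPRNG output; hex is safe in CodeIgniter URIs
    $db->prepare('DELETE FROM password_resets WHERE member_id = ?')->execute([$id]);
    $db->prepare('INSERT INTO password_resets VALUES (?, ?, ?)')
       ->execute([$id, hash('sha256', $code), $now]); // the raw code is never stored
    return $code;
}

// Steps 5-6: member id if code and email match and the link is fresh, otherwise null.
function verify_reset(PDO $db, string $email, string $code, int $now): ?int {
    $q = $db->prepare('SELECT r.member_id, r.code, r.requested_on FROM password_resets r
                       JOIN members m ON m.id = r.member_id WHERE m.email = ?');
    $q->execute([$email]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if (!$row || !hash_equals($row['code'], hash('sha256', $code))) return null;
    if ($now - (int) $row['requested_on'] > RESET_TTL) { // 6a: expired, delete the entry
        consume_reset($db, (int) $row['member_id']);
        return null;
    }
    return (int) $row['member_id'];    // 6b: display the change-password form
}

// Step 7: call once the new password is validated and saved, making the link single-use.
function consume_reset(PDO $db, int $memberId): void {
    $db->prepare('DELETE FROM password_resets WHERE member_id = ?')->execute([$memberId]);
}

$now  = time();
$code = request_reset($db, 'alice@example.com', $now);
var_dump(verify_reset($db, 'alice@example.com', $code, $now + 3600));          // valid link
var_dump(verify_reset($db, 'alice@example.com', 'wrong', $now + 3600));        // bad code
var_dump(verify_reset($db, 'alice@example.com', $code, $now + RESET_TTL + 1)); // expired
```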
#4

[eluser]Radou[/eluser]
Thank you guys,

Yes, it is helpful. I will try to update this thread once I do the development.
Maybe it can be useful to someone else.

Good idea to store the resets in a different table, didn't think about that.

Thanks again

Radou



