Help Required, suggest Simple, secure and best solution
#1

[eluser]Unknown[/eluser]
Hello guys. I am developing an application in CI, and I want to implement forgot password.
What I want:

1. If the user clicks on "forgot password", (s)he has to provide an email, and when the correct email address is given, an email will be sent to it containing a link.

2. That link is valid till a new link is generated or the password is changed.

3. In that link there must be a key from which the system can identify the user (not straight away a user name but some encrypted form).


Please suggest what to do and how to do it. Any solution other than hashing... Waiting for your precious answers anxiously.

Thank you

Regards,
#2

[eluser]Otemu[/eluser]
Hi,

Check out this thread http://ellislab.com/forums/viewthread/234134/
#3

[eluser]RaGe10940[/eluser]
Going on with what Otemu has posted and Fuzzy0ne on that thread:

I pretty much have the same setup minus the forgot password option, but my options will aid in your decisions as well:

1) User requests an account -> goes to all users who have a system admin account (goes to their emails)
2) Admin creates an account -> email is sent to the user with their secret code (that is also stored in the DB) and their username is also in the same email.
3) The office has a default PW, and if a user enters that default PW they will be prompted to go to the change PW screen.
4) Change PW screen -> current password, email, secret code and new password x2 (ask for the password twice)
5) If the change is valid then the secret code is set to NULL.
6) If the change is not valid an administrator is contacted with a PW change x amount of times.

Hopefully even with this example something was cleared up for you. But definitely take a look at the thread Otemu posted.
#4

[eluser]RaGe10940[/eluser]
Oh, and also use Bcrypt. Hashing back in the day was created to check the legitimacy of files (checksums) and whatnot, not for password "encryption".

I am currently using a personal Bcrypt library, but the one I linked below is extremely popular, VERY powerful and very scalable as well.

Note: PHP 5.5 will have the very same functions available. Why? Because ircmaxell is creating those functions.

https://github.com/ircmaxell/password_compat
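
The reset link asked for in post #1, combined with the "clear the secret code after a valid change" step from post #3, as an added example that is not part of any post in this thread. It assumes PHP 7.1+; the function names and the in-memory `$users` array (standing in for the users table) are hypothetical, and keeping only a SHA-256 digest of the token server-side is a choice made for this example.

```php
<?php
// Constructed sample data: an in-memory array standing in for the users table.
$users = [
    'alice@example.com' => ['password' => password_hash('old-secret', PASSWORD_BCRYPT), 'reset_hash' => null],
];

// Issue a reset token for $email; returns the token to put in the emailed link, or null.
function requestReset(array &$users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null; // caller should respond identically for known and unknown addresses
    }
    $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG, not derived from user data
    // Overwriting the stored digest invalidates any earlier link (requirement 2).
    $users[$email]['reset_hash'] = hash('sha256', $token);
    return $token;
}

// Find the account a token belongs to; the token alone identifies the user (requirement 3).
function findByToken(array $users, string $token): ?string
{
    $digest = hash('sha256', $token);
    foreach ($users as $email => $row) {
        if ($row['reset_hash'] !== null && hash_equals($row['reset_hash'], $digest)) {
            return $email;
        }
    }
    return null;
}

// Store the new password with bcrypt and clear the token so the link cannot be reused.
function resetPassword(array &$users, string $token, string $newPassword): bool
{
    $email = findByToken($users, $token);
    if ($email === null) {
        return false;
    }
    $users[$email]['password'] = password_hash($newPassword, PASSWORD_BCRYPT);
    $users[$email]['reset_hash'] = null;
    return true;
}

$first  = requestReset($users, 'alice@example.com');
$second = requestReset($users, 'alice@example.com');
var_dump(resetPassword($users, $first, 'new-secret'));  // link replaced by a newer one
var_dump(resetPassword($users, $second, 'new-secret')); // current link
var_dump(resetPassword($users, $second, 'again'));      // same link after the change
```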



