Password Requests?

When I amended my registration page, I included the digest to encrypt the password in the database.

If someone forgets their password, how do I get this mailed back to the user?

The action is as follows:

    def remind
      @title = "Remind Me!"
      if param_posted?(:user)
        email = params[:user][:email]
        # Look up the account by the submitted email address
        user = User.find_by_email(email)
        if user
          # Pass the record found above; @user is never assigned in this action
          UserMailer.deliver_reminder(user)
          flash[:notice] = "Reminder sent."
          redirect_to :action => "index", :controller => "site"
        else
          flash[:notice] = "There is no user with that email address."
        end
      end
    end

This then calls the reminder part of UserMailer.deliver and sends the user their username and password.

This template shows…

    Hello, You have just requested your login details. Please see below:

    Username: <%= @user.username %>

    Password: <%= @user.password %>

Thing is, with the password, as-is, it just prints the encrypted string, so is no use to a user.

At the moment I only mail out the username, as the password at the moment isn’t helpful.

Is there a way to decrypt for the purposes of reminding someone?

Many Thanks... :slight_smile:

If you are using a one way hash, like 'digest/sha1', then you will not be able to decrypt the password. You can only reset it to something the system knows then send that password to them.

How would I go about resetting the password for the user to then go ahead and change to something more memorable?

Is there a tutorial about this, or can you explain how this is achieved?

Kind Regards

Craig Westmoreland wrote:

How would I go about resetting the password for the user to then go ahead and change to something more memorable?

Is there a tutorial about this, or can you explain how this is achieved?

If you're using Authlogic, this is trivial and explained in the docs IIRC. If you're not using Authlogic, you should be. :slight_smile:

Kind Regards

Best,

Not sure if there are tutorials for this or not. I got my authorization and authentication code from "Rails Recipes" and "Agile Development with Rails".

You should have a change password page anyways. Just create the standard reset password page that takes the existing password and two new passwords and changes the password to the new one. It should work a lot like the registration page.

Then when a user requests a new password, you randomly generate one, set it as their password, then email them the new password and a link to the change password page.
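
The reset-and-change flow described in the replies above, as an added example that is not code from the thread or from any library mentioned in it. It is plain Ruby with no Rails or database; the `User` struct, the method names and the `must_change_password` flag are hypothetical, and PBKDF2 from Ruby's OpenSSL bindings stands in for the bare 'digest/sha1' hash named in the thread.

```ruby
require "securerandom"
require "openssl"

ITERATIONS = 100_000 # assumed work factor for this sketch

# Hypothetical stand-in for the thread's User model (no database behind it).
User = Struct.new(:email, :salt, :password_digest, :must_change_password)

# One-way derivation: the stored value cannot be turned back into the password.
def digest_password(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32,
                             OpenSSL::Digest.new("SHA256")).unpack1("H*")
end

def set_password(user, password)
  user.salt = SecureRandom.hex(16) # fresh salt every time the password changes
  user.password_digest = digest_password(password, user.salt)
end

# Compare digests without stopping at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def authenticate(user, password)
  secure_equal?(user.password_digest, digest_password(password, user.salt))
end

# Reset step: generate a random password, store only its digest, and return
# the plaintext once so the mailer can send it. Nothing is ever decrypted.
def reset_password!(user)
  temporary = SecureRandom.urlsafe_base64(12) # 16 characters from the CSPRNG
  set_password(user, temporary)
  user.must_change_password = true # assumption: the login code checks this flag
  temporary
end

# Change-password page: the existing password plus the new password twice.
def change_password(user, current, new_password, confirmation)
  return false unless authenticate(user, current)
  return false if new_password.empty? || new_password != confirmation
  set_password(user, new_password)
  user.must_change_password = false
  true
end
```

In a mailer the value returned by `reset_password!` is the only place the temporary password exists in plaintext, so it is passed straight to the email and never written to the database or logs.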