Password Requests?

When I amended my registration page, I included the digest to encrypt
the password in the database.

If someone forgets their password, how do I get this mailed back to
the user?

The action is as follows:

  def remind
    @title = "Remind Me!"

    if param_posted?(:user)
      email = params[:user][:email]
      user = User.find_by_email(email)

      if user
        # Pass the record that was just looked up (the local user, not @user).
        UserMailer.deliver_reminder(user)
        flash[:notice] = "Reminder sent."
        redirect_to :action => "index", :controller => "site"
      else
        flash[:notice] = "There is no user with that email address."
      end
    end
  end

This then calls the reminder part of UserMailer.deliver and sends the
user their username and password.

This template shows…

  Hello, You have just requested your login details. Please see below:

  Username: <%= @user.username %>

  Password: <%= @user.password %>

Thing is, with the password, as-is, it just prints the encrypted
string, so is no use to a user.

At the moment I only mail out the username, as the password at the
moment isn’t helpful.

Is there a way to decrypt for the purposes of reminding someone?

Many Thanks... :)

If you are using a one way hash, like 'digest/sha1', then you will not
be able to decrypt the password. You can only reset it to something
the system knows then send that password to them.

How would I go about resetting the password for the user to then go
ahead and change to something more memorable?

Is there a tutorial about this, or can you explain how this is
achieved?

Kind Regards

Craig Westmoreland wrote:

How would I go about resetting the password for the user to then go
ahead and change to something more memorable?

Is there a tutorial about this, or can you explain how this is
achieved?

If you're using Authlogic, this is trivial and explained in the docs
IIRC. If you're not using Authlogic, you should be. :)

Kind Regards

Best,

Not sure if there are tutorials for this or not. I got my
authorization and authentication code from "Rails Recipes" and "Agile
Development with Rails".

You should have a change password page anyways. Just create the
standard reset password page that takes the existing password and two
new passwords and changes the password to the new one. It should work
a lot like the registration page.

Then when a user requests a new password, you randomly generate one,
set it as their password, then email them the new password and a link
to the change password page.
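
The reset-then-change flow described in the replies above, as an added example that is not part of the original thread or anyone's posted code. The User struct, the helper names and the must_change flag are assumptions made for illustration; salted SHA1 is used only to mirror the thread's 'digest/sha1', and a slow password hash such as bcrypt is the usual choice today.

```ruby
require 'digest/sha1'
require 'securerandom'

# Hypothetical stand-in for the thread's User model (no database needed).
User = Struct.new(:username, :email, :salt, :hashed_password, :must_change)

# One-way digest as in the thread ('digest/sha1'), salted per user.
# Nothing here can turn hashed_password back into the password.
def digest_password(password, salt)
  Digest::SHA1.hexdigest("#{salt}--#{password}")
end

def set_password(user, password)
  user.salt = SecureRandom.hex(16)
  user.hashed_password = digest_password(password, user.salt)
end

def authenticate(user, password)
  user.hashed_password == digest_password(password, user.salt)
end

# Reset step: generate a random temporary password, store only its digest,
# and return the plaintext once so the mailer can send it.
def reset_password(user)
  temporary = SecureRandom.urlsafe_base64(12) # 12 random bytes, 16 characters
  set_password(user, temporary)
  user.must_change = true # assumption: used to send the user to the change page
  temporary
end

# Change-password step: the existing password plus the new one entered twice.
def change_password(user, current, new_password, confirmation)
  return false unless authenticate(user, current)
  return false unless new_password == confirmation && !new_password.empty?
  set_password(user, new_password)
  user.must_change = false
  true
end

# Constructed sample user and run-through.
user = User.new("alice", "alice@example.com")
set_password(user, "original secret")
temporary = reset_password(user)
puts "Mail this once: #{temporary}"
puts "Old password still works? #{authenticate(user, 'original secret')}"
puts "Changed: #{change_password(user, temporary, 'something memorable', 'something memorable')}"
```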