I have used a sha256 hashing algorithm in order to provide some security to my login facility. I now want to create a facility whereby, if the user forgets their password, they are emailed a temporary password so that they can login. Has anyone had any experience implementing this?
Generally if you’re using a hash to store the password, then you will need to send users to a page where they can enter a new password. You can do this by generating a temporary token (random value) that you include in a url you mail to the user and set it to expire within a few minutes of being generated. Make sure it’s enough time for the password to be reset.
Andrew Timberlake http://ramblingsonrails.com http://www.linkedin.com/in/andrewtimberlake
“I have never let my schooling interfere with my education” - Mark Twain
Lovd does just that, take a look at:
lovdbyless.com
http://github.com/stevenbristol/lovd-by-less/tree/master
Cheers, Sazima
Cheers Sazima thats a great help!
