In authlogic, I set the password field to "crypted password"
Is there a way to display a password, even if its "crypted"? What if the user forgets the password and needs to recover it? How can I recover a crypted password?
Thanks
In authlogic, I set the password field to "crypted password"
Is there a way to display a password, even if its "crypted"? What if the user forgets the password and needs to recover it? How can I recover a crypted password?
Thanks
You don't "recover" it. You reset it. User types in username, clicks "reset password". You lookup email address of user in DB and email them a link with a secret token which allows them to choose a new password. The secret token is kinda like a one-time-password which only lets them change their password. You've prolly seen this sort of thing with many websites?
> In authlogic, I set the password field to "crypted password"
> Is there a way to display a password, even if its "crypted"? What if > the user forgets the password and needs to recover it? How can I > recover a crypted password?
You don't "recover" it. You reset it. User types in username, clicks "reset password". You lookup email address of user in DB and email them a link with a secret token which allows them to choose a new password. The secret token is kinda like a one-time-password which only lets them change their password. You've prolly seen this sort of thing with many websites?
Right, is it difficult to write out that "secret token"? hmm I'm having trouble picturing how the code should look like
Google is your friend: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/
Best regards
Peter De Berdt
Have you tried googling for "authlogic reset password"? If not, why not?
http://www.google.com/search?q=authlogic+forgot+password
Be careful. Some examples may be quite old, but it will give you the big picture of how to implement this.
This one is quite interesting (and seems to be up to date): http://github.com/rejeep/authlogic-password-reset-tutorial