Home: Need a Custom or Prewritten Perl Program?: I need a program that...:
Handling password resetting on a web site?


Mar 2, 2012, 12:48 PM

Views: 33248
Handling password resetting on a web site?

I'm not wanting to re-invent something very common.

I have a web site in development. I want the user to be able to request a forgotten password.

Is there any tutorial on doing this? Otherwise I guess I can straight up write something simple as a first draft.

I don't keep the passwords in plain text, so I can't decrypt them as far as I know. So I think I have to generate a new password and then have an email with a link that takes them to a "change password now" page.

Any tips would be great.


Apr 5, 2012, 1:40 PM

Views: 31085
Re: [srhadden] Handling password resetting on a web site?


Your plan is the route I would probably go. If you are developing the website yourself, you will likely need to design the forgotten password code to integrate into your current system, therefore custom code would be preferable.

An alternative would be to email the user a "one time" password, which expires after say 24 hours. Upon logging in with this one time password, they are asked to provide a new password. I would also store / check the users IP upon request / on change just to be extra secure.