View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

Is there a tutorial for validating a user in order to send them their password?

Thread began 1/03/2010 12:23 am by Stevebo | Last modified 1/14/2010 12:31 pm by Stevebo | 2820 views | 20 replies

Stevebo

After re-reading the posts, I'm questioning whether I was clear on the forgot password process I'm trying to accomplish.

So just to be sure Jason, here is how things are supposed to work:

1. The user clicks a forgot password link.

2. They are shown a forgot password page with a single form element that asks them to enter their email address.

3. I test to see if the email address exists in my client table.

4. If so, I display a "verify identity" page which shows two fields. One field is the secret question that was selected when they set up their profile. the other field is their secret answer they entered when they set up their profile.

5. The secret question field is populated with the secret question they selected when they set up their profile. This matches the email address they entered. This is not something they will change so there will only be the secret question that they had previously selected when setting up their profile.

6. The user enters their secret answer that they had previously entered when they set up their profile and clicks submit.

7. I check the client table to see if the secret answer they entered on the verify identity page matches what's in the client table for the email address that was previously checked and found to be OK.

8. If it's good, we generate a new password and email it to them. We also store an encrypted version of the password in the client table so that when they attempt to sign in, it will pass.

The reason I ask is that after re-reading the posts, it sounded like maybe you thought I'd let them pick another secret question and type in a secret answer. Perhaps I misread the posts, but just want to be sure we're on the same page.

I'm pulling the secret question from their profile so that I can prompt them for their secret answer. Technically, the secret question doesn't have to be in a form, it could be dynamic text that I display, but their secret answer will have to be in a form so they can submit their answer and I can test to see if it's OK or not.

Is this how you understood the forgot password process worked as well? I'm getting suspicious that when I said I would show two fields on the "verify password" page that it somehow indicated they could select a secret question which is not what I intended. They will see the secret question as it exists in the client table. This may be my fault for putting the secret question in a form rather than just showing it as a dynamic text element.

steve

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...