Everton1Blue
Technical User
Hello
Can I ask about the logic behind a request for a password reset where a user has forgotten his password?
These passwords will eventually be hashed/salted.
The user completes a field requesting his email address. The code checks that he exists in the database. If not, an onscreen error message appears. If validated, he is sent an email to the address he has provided via SMTP (in this case).
That email contains a link (that is where I become unstuck - where is that link generated?) that, when clicked, takes him to another page on the Web site asking him for a password and confirmation of that password. An error is displayed if the passwords don't match.
That new password then overwrites the old password held in the database and the user receives an onscreen message confirming that his password has now been reset and that he can now try to log-on by visiting the Log-on page.
Many thanks
Can I ask about the logic behind a request for a password reset where a user has forgotten his password?
These passwords will eventually be hashed/salted.
The user completes a field requesting his email address. The code checks that he exists in the database. If not, an onscreen error message appears. If validated, he is sent an email to the address he has provided via SMTP (in this case).
That email contains a link (that is where I become unstuck - where is that link generated?) that, when clicked, takes him to another page on the Web site asking him for a password and confirmation of that password. An error is displayed if the passwords don't match.
That new password then overwrites the old password held in the database and the user receives an onscreen message confirming that his password has now been reset and that he can now try to log-on by visiting the Log-on page.
Many thanks