[geeklog-devel] Lost password

Dirk Haun dirk at haun-online.de
Mon May 5 10:05:25 EDT 2003

Simon Lord <slord at marelina.com> wrote:

>How do we address an ass that wants to be a pain and sits patiently 
>entering usernames into the lost password form requesting new passwords 
>for as many users as they can?

Okay, obviously nobody saw my posting over at geeklog-devtalk, so here's
a quote:

>    http://project.geeklog.net/~dhaun/
>When you request a new password (via the "forgot password" link, as
>usual), you will receive an email with a unique link in it. Following
>this link will allow you to enter a new password directly.
>This is a first implementation, so it's lacking things like speed limits
>and an auto-expiry of the unique link. I would like to see some comments
>on the overall handling, though, please.

Most of this made it into CVS this morning, btw.

I will be adding a speed limit to this, too. But the beauty of the new
solution is that you can simply ignore the emails and your password will
remain intact.

bye, Dirk


More information about the geeklog-devel mailing list