summaryrefslogtreecommitdiffstats
path: root/HACKING
diff options
context:
space:
mode:
authorEvangelos Foutras <foutrelis@gmail.com>2009-11-12 16:21:59 +0100
committerLoui Chang <louipc.ist@gmail.com>2009-11-13 22:49:55 +0100
commit861cbf493591ec876f71ba200a844ed6177026f9 (patch)
tree38b584be9e0608694779ad4002828f93d1777fd2 /HACKING
parent6d65997f0c6b4974902e5c503696963443d8ccff (diff)
downloadaur-861cbf493591ec876f71ba200a844ed6177026f9.tar.gz
aur-861cbf493591ec876f71ba200a844ed6177026f9.tar.xz
Implement 'Password Reset' facility (FS#3061)
This works by adding a new field to the 'Users' table called 'ResetKey', which is a 32 characters long, random string. When the user requests a password reset, a new 'reset key' is generated and sent to the user's e-mail address in the form of a link in the following format: http://aur.archlinux.org/passreset.php?resetkey=<reset key> When the above link is followed, the user is presented with a form to verify his/her e-mail address and specify the new desired password. If the e-mail address matches the reset key in the database, the new password is assigned to the account. If there is an error, a relevant message is displayed and the user is prompted to re-enter the required information. Upon successful completion of this procedure, the ResetKey field in the database is blanked and the specific key cannot be reused. One SQL query is needed to add the ResetKey field to the 'Users' table: ALTER TABLE `Users` ADD `ResetKey` CHAR(32) NOT NULL DEFAULT ''; Signed-off-by: Loui Chang <louipc.ist@gmail.com>
Diffstat (limited to 'HACKING')
0 files changed, 0 insertions, 0 deletions