Forgot Password Feature

Project:RUetd
Version:2.2.0
Component:Code
Category:feature request
Priority:normal
Assigned:chadmills
Status:closed
Description

A "forgot password" feature would be helpful for two reasons. The first reason is obvious, in that if a user needs access, but can't remember their account information, the system will email them a new password. Second, if a user no longer has access through a centralized authentication system, but has already uploaded work, a new account should not be created. They should simply be able to reset their password locally through a "forgot password" feature.

Comments

#1

Project:OpenETD - Rutgers Electronics Thesis and Dissertations Platform» RUetd
Version:1.1.0-beta» 2.2.0
Assigned to:Anonymous» chadmills

#2

Status:active» test

Added to the development system. Works as outlined in feature request. Added a new script called forgot.php which is linked from the front login page. What happens is a user is prompted for there username and email address, which is checked against the `users` table. If a match is found an email is sent to the email address on record with a link to complete the password resetting process. The link is constructed with the username, email address and a unique hash for that user. When the link is accessed a check is done with the username, email and hash combination and if valid the user is asked to provide their new password in two separate input fields. Upon submit the passwords are checked that they are equal and, if so, they `users` table is updated with the new password. The user is then prompted telling them to try to login.

Added script called forgot.php
Added following function to library/functions.php to support forgot.php
- chkUnameEmailExist()
- forgotPasswordSendEmail()
- validatePasswordReset()
- changePassword()

Please test thoroughly. Will allow any user, regardless of role, the ability to change their password.

#3

Email is not a required field when creating an account, however, it is required when using the Forgot Password link. Make email required when creating account to make this feature work.

#4

Status:test» active

#5

Status:active» test

Updated to make email required on Create Account form. Also I checked the "Update My Information" form and email address is already required.

#6

Status:test» fixed

Email is required now.

#7

Status:fixed» closed

Back to top