[Phpslash-devel] lost password code
From: Joe S. <joe...@us...> - 2003-02-25 15:36:01
Please take a look at the changes to the lost password code and comment on any problems you see. I didn't like a couple of things about the way the lost password stuff worked, so I changed it to be only used a single time.

A brief explanation:

Choosing to have the confirmation emailed generates a couple of actions:

1. An array is saved to the user's db entry that contains a unique challenge word.
2. An array is emailed to the user that contains the same unique challenge word.

When the profile page is loaded with this confirm variable, an author class method - confirmAuthor - attempts to verify the data. If it matches, the string is removed from the db to disallow any further use, and cookie vars are created to pass the preauth.

No useful data is returned to the calling script and it is only good for a single use now.

The psl_author 'perms' field is used to store the data. 0.7 doesn't use this field but 0.65 did. As long as the upgrade script has been run this should be OK.

thanks,

Joe
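
The single-use flow described in the message above, sketched as an added example; this is not phpSlash code and not part of the original post. The in-memory `$db` array stands in for the psl_author table, and `issueChallenge`, the array keys, the JSON encoding and the body of `confirmAuthor` are assumptions made for illustration.

```php
<?php
// Added illustration, not phpSlash code. $db is a constructed stand-in for
// psl_author; 'perms' holds the pending challenge, as the post describes.
$db = ['alice' => ['perms' => '']];

// Save a fresh challenge word to the user's row and return the array
// that would be emailed to the user.
function issueChallenge(array &$db, string $user): ?array
{
    if (!isset($db[$user])) {
        return null;
    }
    $word = bin2hex(random_bytes(16));   // unpredictable challenge word
    $db[$user]['perms'] = json_encode(['challenge' => $word]);
    return ['user' => $user, 'challenge' => $word];
}

// Check the emailed array against the stored one. On a match the stored
// string is removed first, so the same confirmation cannot be replayed.
function confirmAuthor(array &$db, array $confirm): bool
{
    $user = $confirm['user'] ?? '';
    $sent = $confirm['challenge'] ?? '';
    if (!is_string($user) || !is_string($sent) || $sent === ''
        || empty($db[$user]['perms'])) {
        return false;
    }
    $stored = json_decode($db[$user]['perms'], true);
    $known  = is_array($stored) ? (string)($stored['challenge'] ?? '') : '';
    if ($known === '' || !hash_equals($known, $sent)) {
        return false;                    // mismatch: stored challenge untouched
    }
    $db[$user]['perms'] = '';            // single use: clear before preauth
    return true;                         // caller learns only success or failure
}

$mail = issueChallenge($db, 'alice');
var_dump(confirmAuthor($db, $mail));     // first use of the emailed array
var_dump(confirmAuthor($db, $mail));     // replay of the same array
var_dump(confirmAuthor($db, ['user' => 'alice', 'challenge' => 'guess']));
```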