Password reminder

2008-01-10
2013-05-28
  • Nobody/Anonymous

    It would be nice to get an password reminder, or the possibility to reset the password and e-mail the new password.
    I think a password reminder is not possible in this version, because the used crypt code is nor reversible

    Regards Knut

     
    • Matthias Steffens

      Hi Knut,

      > It would be nice to get an password reminder

      I agree that this might be useful.

      > or the possibility to reset the password and e-mail the new password.

      You mean, that a regular user should be able to reset his password and get a new one created and served by refbase? But then, if a user has forgotten his original password, how could refbase verify (without the judgement of a real admin) that this user is permitted to reset & receive a new password for a particular account?

      Currently, refbase allows the admin to set a new password for a user and email that to the user manually.

      > I think a password reminder is not possible in this version
      > because the used crypt code is nor reversible

      That's correct. refbase does not store the real password, just a non-reversible encrypted version of it. I think that this is a good thing and that refbase really shouldn't need to know the real password.

      So, I think, that the best way of dealing with this would be an option to automatically send out an email to the user (containing the password) whenever the admin *manually* sets a new password for that user.

      Matthias

       
      • Knut Krüger

        Knut Krüger - 2008-01-10

        Maybe if could be an option for the admin to set whether user are allowed to order a new password, refbase could send them a new one
        The option could either set by the ini file or in the options menu.

        And with the new password the user could change the password again.
        Nobody knows the password except the user and the user is verified with the e-mail address.

        Regards Knut

         
        • Matthias Steffens

          Hi Knut,

          I'm not sure I'm following you. Are you suggesting something like this: A "Forgotten Password?" link could point to a web form by which a user could send an email to the admin asking for a new password. This *could* be automated further so that, upon form submission, a new password would be set and sent back to the given email address. Here's how CiteULike does it:

          http://www.citeulike.org/lost_password_form.adp

          In case of MediaWiki, after one has clicked on a button entitled "Mail me a new password", it sends an email like this:

          > Someone (probably you, from IP address XX.XXX.XX.XX)
          > requested that we send you a new refbase login password.
          > The password for user "Matthias" is now "hqw8hMy".
          > You should log in and change your password now.

          So I agree that something similar could be useful for refbase. Personally, however, I'd consider other planned features much more important.

          Matthias

           

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks