10-18-2009, 02:46 PM
Hi, I am improving and modifying a simple event manager. The login form has a forgotten password link which obviously leads to the forgot password page. Is there any way I can prevent direct access to the forgotten password file, i.e. stop someone from being able to type http://yoursite.com/admin/forgotPass.php in the address bar?
Thanks in Advance
10-18-2009, 06:13 PM
If there's a link to it already, what difference does it make?
Why is it a problem if someone enters it on the address bar?
10-18-2009, 06:40 PM
There is no plausible reason for why you would need to do this, as stated above by mlseim. If you're worried about "hack attempts" then secure your code to the best of your ability.
10-18-2009, 06:44 PM
It was just from a security point of view. The original script had a password reset function which sent a link to the user's email address; the user would then click on the link, which would take you to another page from which you can change your password. I have changed this to send the user a new encrypted password on input of an email address instead.
10-18-2009, 06:45 PM
Straight into their mailbox or on screen?
10-18-2009, 06:53 PM
You should only replace the original password when the 'new' password gets used. This will prevent someone from going through a bunch of usernames on your site, requesting 'forgotten' passwords and causing the original passwords to be replaced with the 'new' ones.
10-18-2009, 07:16 PM
I see what you mean. Currently the username is the email address, and when you click on the forgotten password link and enter the email address, it sends the user with that email address a new password which is encrypted.
So you are saying that instead of changing their password when they enter their email address correctly, send them a temporary password, let them log in with the temporary password, then let them create a new password to overwrite the original password.
Would having a security question also improve security more? Do you recommend having an email address as a username or would you recommend having both?
Thanks for your help
I think what CFMaBiSmAd means (and I would agree) is that when you send the link to the member's email address, you make the thing work so that only when they click that link will it change the db password value. Otherwise, some hacker could come along and change everyone's password such that they have to learn a new one, when they didn't want it to be changed.
Another thing: why send the encrypted password to the email address? Firstly, that route is not secure. Also, I would suggest the user wants a fairly easy to recall password and not a 32 character one.
So, basically, send them a link which works only for, say, 24 hrs. That means it will have a value which is changed every 24 hrs. Unless the value in that URL matches, access to the change-my-password script cannot happen. Once in that script, they can submit a new password and perhaps a security question and a prompt/aide-memoire for it.
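The scheme described in the reply above, as an added example that is not code from the thread or the original event manager script: a reset token that is emailed as a link, stored only as a hash with an expiry, and consumed exactly once. The `$users` array and the sample account are constructed stand-ins for the site's database table.

```php
<?php
// Added example: time-limited, single-use password reset token.
// The $users array stands in for the site's user table (constructed sample data).
declare(strict_types=1);

const RESET_TTL_SECONDS = 24 * 60 * 60;   // link is valid for 24 hours, as suggested above

// Constructed sample store: email => [password_hash, reset_hash, reset_expires]
$users = [
    'alice@example.com' => [
        'password_hash' => password_hash('old-secret', PASSWORD_DEFAULT),
        'reset_hash'    => null,
        'reset_expires' => null,
    ],
];

// Step 1 (forgotPass.php): create a token, store only its hash plus an expiry, and
// return the raw token for the emailed link. The current password is NOT touched here,
// so requesting resets for other people's accounts changes nothing for them.
function createResetToken(array &$users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null;   // show the same "check your email" page either way; no account enumeration
    }
    $token = bin2hex(random_bytes(32));                 // 64 hex chars from the CSPRNG
    $users[$email]['reset_hash']    = hash('sha256', $token);
    $users[$email]['reset_expires'] = time() + RESET_TTL_SECONDS;
    return $token;
}

// Step 2 (change-my-password script): the password is replaced only if the presented
// token matches the stored hash and has not expired; the token is then cleared so the
// same link cannot be used twice.
function consumeResetToken(array &$users, string $email, string $token, string $newPassword): bool
{
    if (!isset($users[$email]) || $users[$email]['reset_hash'] === null) {
        return false;                                   // no reset pending for this account
    }
    $u = $users[$email];
    if (time() > $u['reset_expires']) {
        return false;                                   // expired link
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false;                                   // wrong token: original password stays
    }
    $users[$email]['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    $users[$email]['reset_hash']    = null;
    $users[$email]['reset_expires'] = null;
    return true;
}

// Usage: $t = createResetToken($users, 'alice@example.com'); // put $t in the emailed link
// consumeResetToken($users, 'alice@example.com', $t, 'new-secret'); // only call that changes the hash
```

A token that is leaked later (old mailbox, server logs) is worthless once it has been consumed or has passed `reset_expires`, which is the property the emailed-password approach lacks.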
10-19-2009, 11:47 AM
I see what you mean. Currently the username is the email address, and when you click on the forgotten password link and enter the email address, it sends the user with that email address a new password which is encrypted.
Sorry, I got that wrong. It sent the user a random password which is encrypted with md5 & $salt in the database, not sent encrypted.