Hi, I am improving and modifying a simple event manager. The login form has a forgotten password link which obviously leads to the forgot password page. Is there any way I can prevent direct access to the forgotten password file, i.e. from someone being able to type http://yoursite.com/admin/forgotPass.php in the address bar?
It was just from a security point of view. The original script had a password reset function which sent a link to the user's email address; the user would then click on the link, which would take you to another page from which you can change your password. I have changed this to send the user a new encrypted password on input of an email address instead.
You should only replace the original password when the 'new' password gets used. This will prevent someone from going through a bunch of usernames on your site, requesting 'forgotten' passwords and causing the original passwords to be replaced with the 'new' ones.
If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.
I see what you mean. Currently the username is the email address, and when you click on the forgotten password link and enter the email address, it sends the user with that email address a new password which is encrypted.
So you are saying instead of changing their password when they enter their email address correctly, send them a temporary password, let them log in with the temporary password then let them create a new password to overwrite the original password.
Would having a security question also improve security more? Do you recommend having an email address as a username or would you recommend having both?
I think what CFMaBiSmAd means (and I would agree) is that when you send the link to the member's email address, you make the thing work so that only when they click that link will it change the db password value. Otherwise, some hacker could come along and change everyone's password such that they have to learn a new one, when they didn't want it to be changed.
Another thing... why send the encrypted pwd to the email address? Firstly, that route is not secure. Also, I would suggest, the user wants a fairly easy to recall password and not a 32 character one.
So, basically, send them a link which works only for, say, 24hrs. That means it will have a value which is changed every 24hrs. Unless the value in that url matches, access to the change-my-password script cannot happen. Once in that script, they can submit a new pwd and perhaps a security question and a prompt/aide memoire for it.
"The day you stop learning is the day you become obsolete"! - my late Dad.
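The flow CFMaBiSmAd and the post above describe (only replace the stored password once the emailed link is actually used, and let the link expire after 24 hours) looks like this as an added example. This is not the event manager's code; it assumes PDO with SQLite (opened in memory so it runs on its own), a hypothetical resetPass.php page that receives the token, and that a real site would email the returned URL rather than print it.

```php
<?php
// Added example, not the event manager's own code: a time-limited reset link
// that leaves the original password untouched until the link is used.
// Assumptions: PDO with SQLite (in-memory here so the example is self-contained);
// resetPass.php is a hypothetical page name; the link would be e-mailed, not echoed.

const RESET_LIFETIME = 24 * 60 * 60; // link is valid for 24 hours

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (
        email TEXT PRIMARY KEY,
        password_hash TEXT NOT NULL,
        reset_token_hash TEXT,
        reset_expires INTEGER)');
    return $db;
}

function createUser(PDO $db, string $email, string $password): void {
    $stmt = $db->prepare('INSERT INTO users (email, password_hash) VALUES (?, ?)');
    $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $email, string $password): bool {
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// Step 1: the user submits their e-mail on forgotPass.php. The stored password
// is not touched; only a hashed, expiring token is recorded against the account.
function requestReset(PDO $db, string $email, string $baseUrl): ?string {
    $stmt = $db->prepare('SELECT 1 FROM users WHERE email = ?');
    $stmt->execute([$email]);
    if ($stmt->fetchColumn() === false) {
        return null; // unknown address: show the same "check your mail" page either way
    }
    $token = bin2hex(random_bytes(32)); // the raw token goes only into the e-mailed link
    $stmt = $db->prepare('UPDATE users SET reset_token_hash = ?, reset_expires = ? WHERE email = ?');
    $stmt->execute([hash('sha256', $token), time() + RESET_LIFETIME, $email]);
    return $baseUrl . '/resetPass.php?token=' . $token; // what the mail would contain
}

// Step 2: the link is opened and a new password submitted. Only now is the
// original password replaced, and the token is cleared so it cannot be reused.
function completeReset(PDO $db, string $token, string $newPassword): bool {
    $stmt = $db->prepare('SELECT email, reset_expires FROM users WHERE reset_token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['reset_expires'] < time()) {
        return false; // no such token, or the 24 hours have passed
    }
    $stmt = $db->prepare('UPDATE users SET password_hash = ?, reset_token_hash = NULL, reset_expires = NULL WHERE email = ?');
    $stmt->execute([password_hash($newPassword, PASSWORD_DEFAULT), $row['email']]);
    return true;
}

// Walk-through with a constructed user.
$db = openDb();
createUser($db, 'member@example.com', 'original-pass');
$link = requestReset($db, 'member@example.com', 'http://yoursite.com/admin');
echo "Mail would contain: $link\n";
var_dump(login($db, 'member@example.com', 'original-pass')); // old password still works after the request
$token = substr($link, strpos($link, 'token=') + 6);
var_dump(completeReset($db, $token, 'new-pass'));            // link used: password replaced now
var_dump(login($db, 'member@example.com', 'original-pass')); // old password no longer accepted
var_dump(login($db, 'member@example.com', 'new-pass'));      // new password accepted
var_dump(completeReset($db, $token, 'again'));               // token already consumed, rejected
```

Because only a SHA-256 of the token is stored, someone who reads the database still cannot build a working link, and a random-email guess by an attacker changes nothing for the account holder until the link arrives in their inbox and is clicked. Direct requests to forgotPass.php, as asked in the first post, are harmless under this design, since the page can do nothing more than send a mail.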
I see what you mean. Currently the username is the email address, and when you click on the forgotten password link and enter the email address, it sends the user with that email address a new password which is encrypted.
Sorry I got that wrong. It sent the user a random password which is encrypted with md5 & $salt, in the database, not sent encrypted.