• Evangelos Foutras's avatar
    Implement 'Password Reset' facility (FS#3061) · 861cbf49
    Evangelos Foutras authored
    This works by adding a new field to the 'Users' table called 'ResetKey',
    which is a 32 characters long, random string. When the user requests a
    password reset, a new 'reset key' is generated and sent to the user's
    e-mail address in the form of a link in the following format:
    
      http://aur.archlinux.org/passreset.php?resetkey=<reset
    
     key>
    
    When the above link is followed, the user is presented with a form to
    verify his/her e-mail address and specify the new desired password. If
    the e-mail address matches the reset key in the database, the new
    password is assigned to the account. If there is an error, a relevant
    message is displayed and the user is prompted to re-enter the required
    information. Upon successful completion of this procedure, the ResetKey
    field in the database is blanked and the specific key cannot be reused.
    
    One SQL query is needed to add the ResetKey field to the 'Users' table:
    
      ALTER TABLE `Users` ADD `ResetKey` CHAR(32) NOT NULL DEFAULT '';
    
    Signed-off-by: default avatarLoui Chang <louipc.ist@gmail.com>
    861cbf49