Hi,
I’m currently building a PHP & MySQL driven site which has a membership section too.
As the title suggests, what is the best technique to reset a member’s password if they’ve forgotten it?
What I’m about to do is make the user fill in a “forgotten password” form with either the username or username and email address. When they submit, their password will be cleared and I will generate a random temporary password for them. Then an email will be sent to the member with the new password for them to log in.
Another way I was thinking was for the user to fill in a “forgotten password” form with only the username and the original password will be sent to the registered email address. So then nothing changes.
Are there other techniques I should be considering? I haven’t a clue when it comes to security and I’m an absolute beginner with PHP and MySQL.
Thanks
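
The first approach in the post (generate a random temporary password and e-mail it), as an added example that is not the poster's code. The `members` table, its columns, the `must_change` flag and the `resetPassword` function are assumptions; it uses an in-memory SQLite database through PDO so it runs on its own, and the function is the same against MySQL.

```php
<?php
// Added example. Table and column names (members, username, email,
// password_hash, must_change) are assumptions, not taken from the post.

function resetPassword(PDO $db, string $username, string $email): ?string
{
    $stmt = $db->prepare('SELECT id, email FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Require username AND registered e-mail to match, so that knowing a
    // username alone is not enough to wipe someone else's password.
    if (!$row || !hash_equals(strtolower($row['email']), strtolower($email))) {
        return null;
    }

    // 12 bytes from the operating system's CSPRNG, shown as 24 hex characters.
    $temp = bin2hex(random_bytes(12));

    // Store only the hash; must_change marks the account so the login code
    // can force a new password after the temporary one is used.
    $upd = $db->prepare(
        'UPDATE members SET password_hash = ?, must_change = 1 WHERE id = ?'
    );
    $upd->execute([password_hash($temp, PASSWORD_DEFAULT), $row['id']]);
    return $temp;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec(
    'CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT UNIQUE,
     email TEXT, password_hash TEXT, must_change INTEGER DEFAULT 0)'
);
$ins = $db->prepare('INSERT INTO members (username, email, password_hash) VALUES (?, ?, ?)');
$ins->execute(['alice', 'alice@example.com', password_hash('old-password', PASSWORD_DEFAULT)]);

$temp = resetPassword($db, 'alice', 'alice@example.com');
// In a form handler, $temp would go into the e-mail body at this point.
$hash = $db->query("SELECT password_hash FROM members WHERE username = 'alice'")->fetchColumn();
var_dump(password_verify($temp, $hash));                     // check the temporary password
var_dump(password_verify('old-password', $hash));            // check the previous password
var_dump(resetPassword($db, 'alice', 'wrong@example.com'));  // mismatched e-mail
```

Because only the output of `password_hash()` is stored, the original password cannot be read back out of the database, which is what the second approach in the post would require.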