We should have a mechanism for forgotten passwords
I imagine a mechanism like the invitationsystem.
A random token associateted with the user is generated and stored in the database (like User_creation_keys but with a username field). Then send the token to the users email (the one stored in their profile) as part of an url.
When the user clicks the url they are taken to a page where they can choose a new password.
The token should only work for the next 15 minutes or so, if the user is too slow they must try again.
We should have a mechanism for forgotten passwords I imagine a mechanism like the invitationsystem.
A random token associateted with the user is generated and stored in the database (like User_creation_keys but with a username field). Then send the token to the users email (the one stored in their profile) as part of an url.
When the user clicks the url they are taken to a page where they can choose a new password.
The token should only work for the next 15 minutes or so, if the user is too slow they must try again.