Pilen
commented
10 years ago Done. As stated in commit 3901df307bbaf2305effc9e6aca97b541948e572 the code for login in is now duplicated, we might want to refactor that.
Closed Pilen closed 10 years ago
Pilen
commented
10 years ago Done. As stated in commit 3901df307bbaf2305effc9e6aca97b541948e572 the code for login in is now duplicated, we might want to refactor that.
We should have a mechanism for forgotten passwords I imagine a mechanism like the invitationsystem.
A random token associateted with the user is generated and stored in the database (like User_creation_keys but with a username field). Then send the token to the users email (the one stored in their profile) as part of an url.
When the user clicks the url they are taken to a page where they can choose a new password.
The token should only work for the next 15 minutes or so, if the user is too slow they must try again.