I am allowing my customers to give themselves a 6-digit alphanumeric code when they signup for my services. It seems when they type in their email address, the script would grab their associated 6-digit code and mail it to them? Isn't this possible? thanks.
Right now I have a mysql database which holds all of the customer's names, including the email and 6-digit passcode. I have a link on the sign-in page that says "forgot your 6-digit passcode?"
I want them to be click on this link, type in their email at the subsequent page, then have their 6-digit passcode pulled from the database based on their submitted email and emailed to them. Any ideas?
With any type of security application, in your case a custoemr login, it's a good idea to force users to authenticate a number of ways before you will (reset) their password. I say reset because I think it's a bad idea to email passwords, even though this has become a largely acceptable thing to do. You might consider this type of a situation.
1. Customer clicks on forgot password link
2. Customer enters email address
3. Form sends info and checks database for existence of email address
4. If email address found, generate email to customer with link that they must click on, link directs them to your web site
5. Upon reaching your web site via emailed link, customer must authenticate secondary piece of information ( mother's maiden name, first pet's name, etc )
6. Form submits, checks database, if authentication matches allow user to create a new password.
If you can find a script, using the "enter the characters seen in the following image" is becoming a popular way to discourage people who want to hammer your forgot password form.
▌ Solar VPS The Best Price to Performance Ratio In Cloud and VPS Hosting
▌ e: [email protected]
▌ The SolarSystem - On Demand VM Creation, DNS Control and more.
▌ Speed Test: speed.fortressitx.com
You also could create another table in your database, so when they "reset" their password it inserts a row that has their email, the time, and then will expire after so long. That way if they do click the submit then they only have so long to be able to reset the password.
Then use the above suggestions about mothers maden name, pets name or random numbers to filter things from there.