Gossamer Forum
Home : Products : DBMan : Customization :

Password Lookup w/o Regen

Quote Reply
Password Lookup w/o Regen
Hi!

I'm using the password lookup Mod. Problem is, when a user wants to lookup the password it generates a new one... this could easily be abused. Just enter a users ID and that users pass will change.

Is there any way to make it so that when a user looks up the password, he or she will be sent the CURRENT one, on file?

Would help a lot. And since its sent to the users email address it is secure.

Thanks!! :)

Quote Reply
Re: Password Lookup w/o Regen In reply to
DBMan passwords are one-way-encrypted, meaning there's no way to determine what the current password actually is.

You could probobly quite easily edit the modification to require both username and matching email before the password is sent out. This could reduce abuse a little at least.


- Mark

Astro-Boy!!
http://www.zip.com.au/~astroboy/
Quote Reply
Re: Password Lookup w/o Regen In reply to
The new password is mailed to to the members email account.
No one will be able to use it unless they have access to that account.

Bob
http://totallyfreeads.com