[pmwiki-users] A robust user registration module
list_ob at gmx.net
Wed May 26 02:17:17 CDT 2010
>> One of the most useful things you can do with a verified e-mail
>> address that's linked to a user account is to use it to reset a
>> password. With the above method, where is the email address kept? If
>> you immediately forget the e-mail address, why do you verify it in the
>> first place?
>I don't totally agree with this. A password reset could be approached
>using the same mechanism that was used for an initial register.
how do yo prevent that someone "hijacks" an account?
The (stored) e-mail address is an independent authentication method.
Without this, "forgot password" is a PITA for the admin.
Besides this, I'm happy with HtpasswdForm.
More information about the pmwiki-users