[pmwiki-users] A robust user registration module

Oliver Betz list_ob at gmx.net
Wed May 26 02:17:17 CDT 2010


DaveG wrote:

>> One of the most useful things you can do with a verified e-mail
>> address that's linked to a user account is to use it to reset a
>> password. With the above method, where is the email address kept? If
>> you immediately forget the e-mail address, why do you verify it in the
>> first place?
>I don't totally agree with this. A password reset could be approached 
>using the same mechanism that was used for an initial register.

how do yo prevent that someone "hijacks" an account?

The (stored) e-mail address is an independent authentication method.

Without this, "forgot password" is a PITA for the admin.

Besides this, I'm happy with HtpasswdForm.

Oliver




More information about the pmwiki-users mailing list