[colug-432] I lost my password code and LiveUser.

[Vince Herried]

re  my previous message on LiveUser.  I want
to create a "Please send me a new password" feature.

My setup for LiveUser requires a login id and a password
to get some one logged in.  I also have a couple of other
items required when the user registers.

My first thought was to ask the user to give me their loginid
and email, then reset their password with a new one and send
it to them ( LiveUser used md5sum to store the information in
a database table ).  The obvious problem with this is
if some nefarious person guesses your loginid and password combination
the can make life pain for their  target by resetting the persons password
over and over.  The nefarious one can't get on but make the targets life
gloomy.

My solution was to create two new  columns in my data base.
a "NewPassword" and a "NewPasswordTime".  When
someone correctly enters a valid userlogin id and email
create a new password and time stamp it and stuff in the
above fields.  Then send the user a link with a long hash / md5sum
entry which would check that the "NewPasswordTime" was withing
24 hours, if so, then move the "NewPassword" into the  effective
password field, thus resetting the  password.

The rub is I can't seem to find any way in the LiveUser class sturctures
(the code is object  oriented with classes and such ) to access
user defined columns in the data base.  I certainly seems  like
it should support them, in the setup configuration it gives one
the option to define extra fields.  I'd rather not access the
underlying data base directly if possible.

So two questions are 1. any suggestions for a non painful reset my
password function, and 2. How to  add extra data to LiveUser tables
and access it via LiveUser built in  functions.

-------
Vince
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.colug.net/pipermail/colug-432/attachments/20130131/ed69e900/attachment-0001.html