Password Reset and First Time Login

Author: Dave G.

Visited 1230, Followers 2, Shared 0

Tags: password,profile,reset,security,website x5 professional 15

In x5 v15 the imlogon.php provides the Forgot Password option which changes the user password and sends an email with the new password to the user. However, this is a poor security process and there is no way for the user to change / reset the password.

A better process would be to create a temporary file with the new password and send the url to the user to retrieve the password (perhaps with some security checks / questions). Then on first logon have the user change the password to something they will remember going forward. This same password reset function used for first logon could be offered as a password reset function so that users can change and manage this on an on-going basis.

Regards!

Dave

Posted on the 05/07/2018 22:02:51

User
Author

What is described above is the ideal functionality, while a simplier solution is to add a flag to the Members table that is set on a password reset that then forces the user to enter a new password upon the first logon after the password reset. Once the new password is validated then the flag is cleared.

Posted on the 05/27/2018 13:36:28 from Dave G.