Add forgotten password link to login

[mike]

We should have a forgotten password function which sends the password of the administrator to the administrative email address. We should also add the administrative email address as an input field within the install script.

[anti]

It's impossible to send the password, because it is not stored in plaintext anywhere. But we could generate an url with a special hash, store that hash in the config table for example, then mail that generated url.

That url would then allow changing of password without entering the old one.

Alternatively, we could implement reset password functionality, by simply generating a new random string for password and then mailing that out to the admin, but that would then require some additional authentication - like asking for Mothers maiden name or something in that vein before resetting the password - otherwise anyone could just reset passwords on any Plogger sites out there.

[dummy]

Um. Yes, this would be great, especially as I've forgotten mine. Any hints on where to poke around to reset it ?

[mike]

You'll have to use phpMyAdmin or another database management product to interface with your database. Check your website control panel, they will have something installed for sure.

Navigate to the config table (plogger_config) and change the password field. The password is not saved plaintext, so you'll need to apply the function MD5 hash to save your password in the proper format. If this doesn't work, try just blanking the field to null and logging in without a password. Then you can change the password from the admin panel within Plogger.

[sidtheduck]

I was thinking of implementing this idea of resetting the password link. Maybe similar to Wordpress where you have to enter either the username or email address that is located within the database. I don't know that we would need to implement any "secret question" type "mother's maiden name" or anything like that. Thoughts?