All you need to reset someone's password is their email address. What if someone used this to annoy people, and reset everyone's password, including the administrator?
I think you should have the form instead send the current password to the email address, not a new one. It would be more practical.
But suffice it to say that if a visitor can learn the email addresses of all your members then your members have bigger problems to deal with, namely loads of spam. Don't publish them.
0/5
1
2
3
4
5
This thread is closed, so you cannot post a reply.
Comments on Reset Password
Member
Usergroup: Customer
Joined: Mar 01, 2007
Total Topics: 14
Total Comments: 19
All you need to reset someone's password is their email address. What if someone used this to annoy people, and reset everyone's password, including the administrator?
I think you should have the form instead send the current password to the email address, not a new one. It would be more practical.
developer
Usergroup: Administrator
Joined: Dec 20, 2001
Location: Diamond Springs, California
Total Topics: 61
Total Comments: 7868
It's up to you whether it does or not: scripts.webmastersite.net/w...rticles/Passwords-137.html
But suffice it to say that if a visitor can learn the email addresses of all your members then your members have bigger problems to deal with, namely loads of spam. Don't publish them.