2011-11-22, 05:53 PM
Pages: 1 2
2011-11-22, 06:24 PM
Heck I very much agree with this now. A security questions would be a good option and an extra layer of security.
If this isn't done, Paul i'd like you to code something for this if possible or I might make this off in some free time, although seeing current situations and troubles I am currently in, its a long shot for me.
If this isn't done, Paul i'd like you to code something for this if possible or I might make this off in some free time, although seeing current situations and troubles I am currently in, its a long shot for me.
2011-11-22, 08:12 PM
It's how gmail, yahoo, and tons of email providers do it.
I'll start a plugin later today.
http://community.mybb.com/thread-108247.html
I'll start a plugin later today.
http://community.mybb.com/thread-108247.html
2011-11-23, 09:36 PM
I really like this idea as I'm currently on a free hosting service that has since disabled all Email functions due to 'massive abuse', as they put it, of their servers. -- I guess some people still can't abide by simple free-hosting rules.
Question: Will this proposed plug-in allow an existing (new, non-banned or moderated*) forum member the ability to reset their own PW with no email sent requiring a response from them to verify the change?
*banned, moderated or "new" (under 30-days) members should be denied that option. However, "new" members, requesting a PW reset so soon, should be simply be advised to contact a forum staff member.
It may also be a good idea to log ALL PW reset attempts and note whether such was successful or not.
Obviously, this is going to require some rather intense security to prevent one 'malicious' member (or hacker) from resetting another member's PW. -- Perhaps 3-5 questions, ALL requiring a correct answer, should be required for Admins/Mods to 'instantly' be able to reset their own password.
Again, I do like this idea and I am looking forward to a working offical release.
(I would beta-test, but due to my lack of knowledge of PHP/MySql, [I've only written programs in "old" BASIC] the best I could offer is some simple feed-back of whether it functions or fails on my site)
@ Paul H. -- You can PM me if or when you want to give it a 'test drive' on a live, but currently very inactive, forum. -- It's about 2 years away from getting 'busy' again, of which only happens about every 5-years. --
Question: Will this proposed plug-in allow an existing (new, non-banned or moderated*) forum member the ability to reset their own PW with no email sent requiring a response from them to verify the change?
*banned, moderated or "new" (under 30-days) members should be denied that option. However, "new" members, requesting a PW reset so soon, should be simply be advised to contact a forum staff member.
It may also be a good idea to log ALL PW reset attempts and note whether such was successful or not.
Obviously, this is going to require some rather intense security to prevent one 'malicious' member (or hacker) from resetting another member's PW. -- Perhaps 3-5 questions, ALL requiring a correct answer, should be required for Admins/Mods to 'instantly' be able to reset their own password.
Again, I do like this idea and I am looking forward to a working offical release.
(I would beta-test, but due to my lack of knowledge of PHP/MySql, [I've only written programs in "old" BASIC] the best I could offer is some simple feed-back of whether it functions or fails on my site)
@ Paul H. -- You can PM me if or when you want to give it a 'test drive' on a live, but currently very inactive, forum. -- It's about 2 years away from getting 'busy' again, of which only happens about every 5-years. --
2011-11-25, 10:31 PM
I have had this at HF. Works well but idiots forget their security question too. Making recovery a pain.
I'm hoping to do some SMS validation next.
I'm hoping to do some SMS validation next.
2011-11-25, 10:33 PM
How did you do it at HF? A plugin you made? Or is there already a plugin?
2011-11-25, 10:41 PM
A custom plugin I won't share at this time. It's not really release ready anyways. I have some changes for it still.
2011-11-25, 10:44 PM
Should I bother finishing this?
2011-11-26, 05:20 AM
Paul, finish this. Do the changes I've made you aware of in 0.3, not hurry, take your time. SMS thingy would be cool as well to see in the future but I wonder how it'd work.
2011-11-26, 05:24 AM
(2011-11-26, 05:20 AM)crazy4cs Wrote: [ -> ]Paul, finish this. Do the changes I've made you aware of in 0.3, not hurry, take your time. SMS thingy would be cool as well to see in the future but I wonder how it'd work.
A service such as telesign.com can do this, but it's going to cost you a few bucks.
Pages: 1 2