[SOLVED]Password Recovery UI tip

sasori · December 2, 2010, 2:35am

Hi, at my registration form, I let the user choose a pre-made secret question

or choose to write his own secret question and then provide the answer for it.

Now, can you guys give me some tips/suggestions/comments how to approach

the UI for the recovery of the password ?

if I’ll just provide an email input form and send a reset password link,

the saved secret question and secret answer saved in the db table will look useless and

no purpose at all XD

mdomba · December 2, 2010, 8:48am

I don’t understand your problem…

If you have a secret question… than the user has to answer that question to get the password…

So you provide the input for the username or email… after that display the question… and check the input if equals to the answer in the database…

only then you send the password

sasori · December 2, 2010, 9:06am

The thing is, I encrypted the passwords in sha1, there’s no retrieving that’ll happen.

with regards to the secret questions, I have two options set for the user during registration process

select a premade question from an array OR write own question in a textarea

am thinking how to match custom input secret question against the custom secret question that was saved by the user during the time he registered

before sending a reset link to his email address

mdomba · December 2, 2010, 9:33am

I still don’t see where is the problem…

Regardless if the user has chosen a premade question or typed a custom one… in the database you need to have saved the question (be it a chosen one or a custom one)

As for the passwords… that’s right… there is no password recovery but a password reset in question…

sasori · December 2, 2010, 9:36am

ok, sorry if my thread is a bit blurry lol, thanks for your opinion about it.

mdomba · December 2, 2010, 9:44am

No problem, hope it helps you somehow

Anyway I just looked at your other thread

As I wrote above… in my opinion it would be easier for you if you have only one filed in the database - "secret question"… and then regardless if it was chosen as a predefined one… or typed as a custom one… save that question to the database…

This way in the future if you find that your predefined questions are outdated and needs to be changed you can just change them, because all previously registered users has the old question saved in the database and no harm done… on the other side if you save just the number of the question… you cannot change them in the future…

tri · April 14, 2020, 10:08am