[SOLVED] Password Recovery UI tip

Hi, at my registration form, I let the user choose a pre-made secret question or choose to write his own secret question and then provide the answer for it.

Now, can you guys give me some tips/suggestions/comments on how to approach the UI for the recovery of the password?

  • If I just provide an email input form and send a reset password link, the secret question and secret answer saved in the db table will look useless and have no purpose at all XD

I don’t understand your problem…

If you have a secret question… then the user has to answer that question to get the password…

So you provide the input for the username or email… after that display the question… and check if the input equals the answer in the database… only then you send the password

The thing is, I encrypted the passwords in sha1, there’s no retrieving that’ll happen.

With regards to the secret questions, I have two options set for the user during the registration process:

  • select a premade question from an array OR write own question in a textarea

I am thinking about how to match the custom input secret question against the custom secret question that was saved by the user at the time he registered, before sending a reset link to his email address

I still don’t see where the problem is…

Regardless if the user has chosen a premade question or typed a custom one… in the database you need to have saved the question (be it a chosen one or a custom one)

As for the passwords… that’s right… there is no password recovery but a password reset in question…

ok, sorry if my thread is a bit blurry lol, thanks for your opinion about it.

No problem, hope it helps you somehow :)

Anyway I just looked at your other thread

As I wrote above… in my opinion it would be easier for you if you have only one field in the database - "secret question"… and then regardless if it was chosen as a predefined one… or typed as a custom one… save that question to the database…

This way in the future if you find that your predefined questions are outdated and need to be changed you can just change them, because all previously registered users have the old question saved in the database and no harm done… on the other hand if you save just the number of the question… you cannot change them in the future…
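Added example, not part of any post in this thread: the flow discussed above with the question text stored in a single field (premade or custom), the answer checked before a reset token is issued, and the token single-use and expiring. The function names, the in-memory dicts standing in for the db table, the answer normalisation and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

PREMADE = ["Name of your first pet?", "City where you were born?"]  # constructed sample list
USERS = {}    # email -> record; stands in for the db table (assumption)
TOKENS = {}   # sha256(token) -> (email, expiry); the raw token is never stored

def _answer_hash(answer, salt):
    # Compare answers case- and whitespace-insensitively, and never store them in clear
    norm = " ".join(answer.lower().split()).encode()
    return hashlib.pbkdf2_hmac("sha256", norm, salt, 200_000)

def register(email, answer, premade_index=None, custom_question=None):
    # Save the question TEXT either way, so the premade list can change later
    question = custom_question.strip() if custom_question else PREMADE[premade_index]
    salt = secrets.token_bytes(16)
    USERS[email] = {"question": question, "salt": salt,
                    "answer_hash": _answer_hash(answer, salt)}

def get_question(email):
    # Step 1 of the reset form: show the question saved for this account
    user = USERS.get(email)
    return user["question"] if user else None

def request_reset(email, answer, ttl=900):
    # Step 2: only a correct answer yields a token (to be e-mailed as a reset link)
    user = USERS.get(email)
    if user is None or not hmac.compare_digest(
            _answer_hash(answer, user["salt"]), user["answer_hash"]):
        return None
    token = secrets.token_urlsafe(32)
    TOKENS[hashlib.sha256(token.encode()).hexdigest()] = (email, time.time() + ttl)
    return token

def redeem(token):
    # Step 3: the link works once and expires; returns the email allowed to set a new password
    entry = TOKENS.pop(hashlib.sha256(token.encode()).hexdigest(), None)
    return entry[0] if entry and entry[1] >= time.time() else None
```

Because the stored record carries the question text itself, the reset form never needs to know whether the question came from the premade array or the textarea.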