Ditto, except I use a 24-hour period, which is a bit aggressive. Also
on the first login the user is prompted to enter a hint and an answer
for future forgotten-password routine use. The hint is encrypted and
the answer is stored as a salted hash.
--
-...@robertson--
Janitor, The Robertson Tea
Jim McAtee wrote:
> Just wondering how others are dealing with public member signups that
> require an email activation?
I've essentially done the same thing at DtDNS for ten years without any
trouble. If they try to log in they get the error and are directed to
the "lost password" routine.
Just wondering how others are dealing with public member signups that
require an email activation?
What I'm doing on a new site that I recently set up is sending out the
activation as soon as someone registers. If a user tries to login with an
account still in the unactivated state, they're s
3 matches
Mail list logo