personally I prefer the method adopted by most of the websites... they send you a link valid for x minutes that you can use to reset your password.
I find very annoying that anybody can reset my password ! On Sun, Jul 26, 2009 at 10:05 PM, Yarko Tymciurak <yark...@gmail.com> wrote: > This is a design topic - I think what you expect and what others would > expect for this will vary. > > I think this could be less secure (what if someone asks for a password > reset because someone saw their password, and reset to their own?). > > In any case, if you want to only enable a new password after the > validation, you would need to store it, and extend the Auth class, and > modify change_password accordingly. > > > > On Sun, Jul 26, 2009 at 3:15 PM, Sebastian E. Ovide < > sebastianov...@gmail.com> wrote: > >> Hi All, >> >> retrieving a new password, if the SMTP is down, I am getting (correctly) >> an flash saying "unable to send mail". At this point, as the email could not >> been sent, I would expect having the same password... but web2py is still >> assigning a new password... >> >> is it a bug or is working as designed ? >> >> thanks >> >> -- >> >> Sebastian E. Ovide >> >> >> >> >> >> > > > > -- Sebastian E. Ovide skype: seezov +353 87 6340149 Sent from Dublin, Ireland --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "web2py-users" group. To post to this group, send email to web2py@googlegroups.com To unsubscribe from this group, send email to web2py+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/web2py?hl=en -~----------~----~----~----~------~----~------~--~---
