SMF 2.0.19 has been released! Please update. Read more.
Started by Jotade29, November 28, 2022, 09:19:25 PM
Quote from: Kindred on November 28, 2022, 10:41:26 PMNo... there is not. And studies have shown that requiring password resets results in LESS secure passwords
Quote from: Kindred on November 29, 2022, 01:27:08 PMthe option to change your password is already part of SMF... the option to ask for a password reset because you forgot your password is already part of SMF.as I said, FORCING users to change a password results in passwords like myPassword123! being changed to myPassword456! and so on...Instead, requiring a secure password to begin with and allowing the user to keep that password means that you are more likely to get something like HVVK78ecw7dsds0^&%Deleting the data in the password column is ****NOT**** the way to go about doing what you are asking, however.You would have to write a script that tracks time and forces the user to enter a new password at the next login after time > x
Quote from: Kindred on November 29, 2022, 02:10:13 PMthe validation_code field being blank doesn't mean anything....do not reset password_salt - everwait... are you afraid of someone else re-using the link with the activation/validation code?the data is checked -- if someone uses a code AND the account is already active, then SMF ignores the activation and triggers an error (already activated). The validation code only works if the account is in an INACTIVE state. (is_activated = 0 (not completed registration/activation) or is_activated = 2 (user has changed emails)
Quote from: Kindred on November 29, 2022, 04:41:45 PMwhy? Let's take a step back...What exactly are you trying to accomplish as an end result?
Quote from: Jotade29 on November 29, 2022, 07:27:58 PMQuote from: Kindred on November 29, 2022, 04:41:45 PMwhy? Let's take a step back...What exactly are you trying to accomplish as an end result?Thanks u support, KinWhat I'm trying to do is have the validation code field cleared every 24 hours. It makes no sense to request a password change and not follow the link with the code.