CakePHP Forgotten/Reset Password

Question

I'm trying to get my head around the process of creating a Forgotten password function in cakephp 2.1. This is what I want to happen.

1. User clicks on the forgotten password link
2. Enters their email
3. Cake checks that the email exists
4. If it does they are sent a link with some sort of random string attahced appended to a url
5. They click on the link and enter a new password
6. The password in the db is updated
7. User can log in

I found this post but I hoped someone would be able to provide me some sample code to look at.

Many thanks in advance

Answer 1

I have recently done something like this in a personal project. It may not be the best solution but this is my process:

1. user not logged submits his email in a 'recover password' form.
2. controller find the email's owner, if any, generate a code and save it to a dedicated column in the user model. Then send a coded link to the e-mail, which has both, the user id and the generated code.
3. user access his e-mail and click the link.
4. controller receivers the param and splits it in the code and id, read the user id and check if the code match, if so, show new password form, if not, clear the code and ask user to restart the process.

notes.

• I use uuid for user id and a 10 length random string for the code. I join both by a '_' to make the code sent to email.
• In my implementation the code won't expire by time but if the user logs on or misses (most likely by guessing) the code will clear.