CODEWITHSUNDEEP
pythondjangodjango-modelsdjango-templatesdjango-views
rv_k
rv_k

Reputation: 2403

Forgotten password implementation in Django

I am trying to implement a forgot password functionality in my django application. I have given a seperate forgottenPassword.html, where user can give his email id ; and if that email is registered(found in database) , corresponding password of that email is fetched and sent to his email id.This is what i am trying to achieve. Being a Django newbie i am stuck with the implementation. This is my forgottenPassword.html 

<form name="forgotPassword" method="POST" id="myFormid" action="http://10.1.0.90:8080/forgotPassword/">
<div style="float:center;width:100%;">
 Enter your E-mail ID</label><br/> <input type="text" name="email" size="25" /> 
 <input type="submit" value="Submit" />
 </div> 
</form >

my method in views.py is 

def forgotPassword(request):
    if request.POST:
        email=request.POST.get("email")
        print email
        user = UniversityDetails.objects.filter(email=email)
        print user
        if(not user):
            print "No user"
            return render_to_response("forgotPassword.html")
        else:   

            ???????????????
            return render_to_response("passwordRecovery.html")
    return render_to_response('forgotPassword.html')

Here, what i try to achieve is to pass the email id entered in forgottenPassword.html and save it in a variable 'email'. After that fetch all the objects with that email from database. and to filter password from it. I guess the part where i put ???? should be filled with a query to fetch the password corresponding to that email id. Can somebody help me to do this.

Upvotes: 4

Views: 6678

Answers (2)

Daniel Roseman
Daniel Roseman

Reputation: 599450

There is (by design) no way to do this. You cannot get the password for a user, because it is only stored in the database as a secure hash, and there is no way of reversing that hash.

However, Django does provide a built-in reset password implementation in contrib.auth - see the documentation.

Upvotes: 20

Yuji &#39;Tomita&#39; Tomita
Yuji &#39;Tomita&#39; Tomita

Reputation: 118438

rv_k, I just want to say I've recommended you look at the django.contrib.auth instead of your current system because you are storing passwords as plaintext.

That said, to answer your question, you've already pulled your UniversityDetails query matching the email. Assuming there's only 1 email per "user", use a get query instead.

user = UniversityDetails.objects.get(email=email)
send_mail("Your PW", user.password, "[email protected]", [email])

Upvotes: 5

Related Questions