In authlogic, I set the password field to "crypted password" Is there a way to display a password, even if its "crypted"? What if the user forgets the password and needs to recover it? How can I recover a crypted password? Thanks -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Thu, Jun 24, 2010 at 9:17 AM, David Zhu <dzwestwindsor45-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> In authlogic, I set the password field to "crypted password" > > Is there a way to display a password, even if its "crypted"? What if > the user forgets the password and needs to recover it? How can I > recover a crypted password?You don''t "recover" it. You reset it. User types in username, clicks "reset password". You lookup email address of user in DB and email them a link with a secret token which allows them to choose a new password. The secret token is kinda like a one-time-password which only lets them change their password. You''ve prolly seen this sort of thing with many websites? -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
> > In authlogic, I set the password field to "crypted password" > > > Is there a way to display a password, even if its "crypted"? What if > > the user forgets the password and needs to recover it? How can I > > recover a crypted password? > > You don''t "recover" it. You reset it. User types in username, clicks > "reset password". You lookup email address of user in DB and email > them a link with a secret token which allows them to choose a new > password. The secret token is kinda like a one-time-password which > only lets them change their password. You''ve prolly seen this sort of > thing with many websites?Right, is it difficult to write out that "secret token"? hmm I''m having trouble picturing how the code should look like -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 24 Jun 2010, at 18:28, David Zhu wrote:>>> In authlogic, I set the password field to "crypted password" >> >>> Is there a way to display a password, even if its "crypted"? What if >>> the user forgets the password and needs to recover it? How can I >>> recover a crypted password? >> >> You don''t "recover" it. You reset it. User types in username, >> clicks >> "reset password". You lookup email address of user in DB and email >> them a link with a secret token which allows them to choose a new >> password. The secret token is kinda like a one-time-password which >> only lets them change their password. You''ve prolly seen this sort >> of >> thing with many websites? > > Right, is it difficult to write out that "secret token"? hmm I''m > having trouble picturing how the code should look likeGoogle is your friend: http://www.binarylogic.com/2008/11/16/tutorial-reset-passwords-with-authlogic/ Best regards Peter De Berdt -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On Thu, Jun 24, 2010 at 9:28 AM, David Zhu <dzwestwindsor45-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:> >> > In authlogic, I set the password field to "crypted password" >> >> > Is there a way to display a password, even if its "crypted"? What if >> > the user forgets the password and needs to recover it? How can I >> > recover a crypted password? >> >> You don''t "recover" it. You reset it. User types in username, clicks >> "reset password". You lookup email address of user in DB and email >> them a link with a secret token which allows them to choose a new >> password. The secret token is kinda like a one-time-password which >> only lets them change their password. You''ve prolly seen this sort of >> thing with many websites? > > Right, is it difficult to write out that "secret token"? hmm I''m > having trouble picturing how the code should look likeHave you tried googling for "authlogic reset password"? If not, why not? -- Aaron Turner http://synfin.net/ Twitter: @synfinatic http://tcpreplay.synfin.net/ - Pcap editing and replay tools for Unix & Windows Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. -- Benjamin Franklin "carpe diem quam minimum credula postero" -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
On 24 Jun 2010, at 18:28, David Zhu wrote:> Right, is it difficult to write out that "secret token"? hmm I''m > having trouble picturing how the code should look like... and http://github.com/rejeep/authlogic-password-reset-tutorial -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
http://www.google.com/search?q=authlogic+forgot+password <http://www.google.com/search?q=authlogic+forgot+password>Be careful. Some examples may be quite old, but it will give you the big picture of how to implement this. This one is quite interesting (and seems to be up to date): http://github.com/rejeep/authlogic-password-reset-tutorial <http://www.google.com/search?q=authlogic+forgot+password> -- Fernando Brito -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.