Version: 1.00, by Parker Clack
Developer Last Online: Nov 2013
Version: 2.2.x
Rating:
Released: 06-17-2002
Last Update: Never
Installs: 8
No support by the author.
When members sign up to the board they will often times change email addresses but then they don't update their profile to reflect this email change. They then lose their password and the script cannot send them one because the email address doesn't work anymore. This script allows your members to have the option of adding a secret word that will allow them to put in a new email address. They can then go ahead and have the script email them the password reset and they can get back onto the board without you having to look up their account. Now if they forget their password and their secret word well...
Make back ups of all the script and template files that you are about to make as there are several.
My thanks go to Chen (aka Firefly) for assistance with the coding needed to get this to work right.
Note: This file as been updated on 6.25.2001.
After working with this on several sign ups I have found that the section that I added to the user.php file will over write the secret code if you moderate your board or change any member information from the admin control panel. This updated file contains the changes to the user.php file and the rest of the file changes. If you have already installed this hack you only need to make the changes to the user.php as written. Nothing else has changed. If this is your first time installing it go with the layout as in the hack.
Parker
Show Your Support
This modification may not be copied, reproduced or published elsewhere without author's permission.
My tip is just don't forget your password. If you can remember the secret word, you should also remember your password (since its more important).
Good idea though, but I think a "secret question" hack providing the questions would be better. Like "What is your mom's maiden name?" And then you supplying an answer.
I have installed it and been looking over it...and something occurred to me.
You start this process as an unlogged-in member. The system has no idea who you are. You click the link to use if you've lost your password. On the lost password form, you click the new link that's there as part of this hack that takes you to a new form where you put in your secret word and new email address.
Because you never had to tell the system who you are, the system must look for the secret word in the database, then modify the account (by changing the email address) that the secret word was found in.
But what if more than one person should happen to be using the same secret word? Suppose someone else has used the same secret word that I did; if I then go through the lost pw process and put in that secret word, couldn't the system find the other person's account first, reset that account with my new email address, and reset that account's password?
Secret Word Hack Details »»
About Developer
No support by the author.
06-18-2002, 03:29 AM
