Customer Password Reset Info


    Almost a year ago, burch posted some REALLY helpful information about the customer password hashing: http://extranet.mivamerchant.com/for...ncryption-Info

    Using this information, I was able to create a compatible library in PHP that so far is working great for us (in testing). My next step, I want to create a compatible library for the password reset portion too. Would it be possible to get burch (or whomever) to post how the customer password reset token is generated? Also, possibly, the generated customer password as well, if that's not seen as a possible security risk to post. I looked and looked through the limited source kit, but I am not familiar enough with the organization there to know for sure if the functions are included in there or not. I did find reference to them, but couldn't find the actual functions for me to recreate.

    I can easily generate my own tokens and passwords (and I am betting that any token stored properly in the database would work for resetting the customer's password), but I figured with all of the effort I went through to create the password compatibilities, I might as well try to keep this compatible too.

    Thanks!

    #2
    Re: Customer Password Reset Info

    You are correct that any value for the token field in the CustomerPasswordReset database will work. There can be only one active reset token per customer at a time and the dt_created field is used to determine if the token has expired.

    The code we use to generate the token is in CustomerPasswordReset_Generate() in features/cus/cus_db.mv
    The code used to generate passwords is in GeneratePassword() in lib/util_public.mv

    Both files are in the LSK.

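The rules from reply #2 (any token value works, one active token per customer, expiry judged from dt_created), sketched in PHP as an added example; this is not Miva's CustomerPasswordReset_Generate() and not code from the thread. The in-memory store, the class and method names, the one-hour window, the hex token format and single-use redemption are all assumptions; it needs PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Assumption: tokens expire after one hour; the thread does not give the real window.
const RESET_TTL_SECONDS = 3600;

// Stand-in for the CustomerPasswordReset table (hypothetical class). Only `token`
// and `dt_created` are field names from the thread; keying by customer id gives
// the "one active token per customer" rule.
final class ResetTokenStore
{
    /** @var array<int, array{token: string, dt_created: int}> */
    private array $rows = [];

    // Issue a new token; any earlier token for this customer is overwritten.
    public function issue(int $custId, ?int $now = null): string
    {
        $token = bin2hex(random_bytes(16)); // 128 bits from the OS CSPRNG
        $this->rows[$custId] = ['token' => $token, 'dt_created' => $now ?? time()];
        return $token;
    }

    // Redeem a token: it must match, be unexpired, and (assumption) is single-use.
    public function redeem(int $custId, string $token, ?int $now = null): bool
    {
        $row = $this->rows[$custId] ?? null;
        if ($row === null) {
            return false;
        }
        $expired = (($now ?? time()) - $row['dt_created']) > RESET_TTL_SECONDS;
        $matches = hash_equals($row['token'], $token); // constant-time comparison
        if ($expired || $matches) {
            unset($this->rows[$custId]); // drop expired or used rows
        }
        return $matches && !$expired;
    }
}

// Constructed walk-through with fixed timestamps (customer id 42 is made up).
$store  = new ResetTokenStore();
$first  = $store->issue(42, 1000);
$second = $store->issue(42, 1010);            // supersedes $first
var_dump($store->redeem(42, $first, 1020));   // superseded token
var_dump($store->redeem(42, $second, 1020));  // current token, inside the window
var_dump($store->redeem(42, $second, 1021));  // replay of a used token
$late = $store->issue(42, 2000);
var_dump($store->redeem(42, $late, 2000 + RESET_TTL_SECONDS + 1)); // past the window
```

Because any stored value is accepted as a token, the unpredictability of the reset link rests entirely on how the token is generated, which is why the sketch draws it from random_bytes().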

      #3
      Re: Customer Password Reset Info

      That's exactly what I needed. Thanks.
