Reset by mail tokens

Configuration file: self-service-password/config.inc.php

How it works?

First, the user will enter his login and his mail address. A mail is sent to him.

Then, the user click on the link in the mail, an can set a new password.

PHP sessions are used to store and retrieve token on server side.

Activation

You can enable or disable this feature with $use_tokens:

$use_tokens = true;

Attribute

Set the attribute where the user email is stored:

$mail_attribute = "mail";

Security

You can crypt tokens, to protect the session identifier:

$crypt_tokens = true;

You should set a token lifetime, so they are deleted if unused. The value is in seconds:

$token_lifetime = "3600";
Token deletion is managed by PHP session garbage collector.