Differences

This shows you the differences between two versions of the page.

Link to this comparison view

documentation:self-service-password:0.8:config_tokens [2017/01/25 12:09] (current)
Line 1: Line 1:
 +====== Reset by mail tokens ======
 +
 +<​note>​Configuration file: ''​self-service-password/​conf/​config.inc.php''</​note>​
 +
 +===== How it works? =====
 +
 +First, the user will enter his login and his mail address. A mail is sent to him.
 +
 +Then, the user click on the link in the mail, an can set a new password.
 +
 +<​note>​PHP sessions are used to store and retrieve token on server side.</​note>​
 +
 +===== Activation =====
 +
 +You can enable or disable this feature with ''​$use_tokens'':​
 +<file php>
 +$use_tokens = true;
 +</​file>​
 +
 +===== Mail configuration =====
 +
 +See the [[config_mail|mail configuration documentation]].
 +
 +===== Security =====
 +
 +You can crypt tokens, to protect the session identifier:
 +<file php>
 +$crypt_tokens = true;
 +</​file>​
 +
 +You should set a token lifetime, so they are deleted if unused. The value is in seconds:
 +<file php>
 +$token_lifetime = "​3600";​
 +</​file>​
 +
 +<note important>​Token deletion is managed by PHP session garbage collector.</​note>​
 +
 +===== Log =====
 +
 +By default, generated URLs are logged in the default Apache error log. This behavior can be changed, to log in a specific file:
 +
 +<file php>
 +$reset_request_log = "/​var/​log/​self-service-password";​
 +</​file>​
 +
 +<note important>​Apache user must have write permission on this file.</​note>​