Quote:
Originally Posted by AbsolonShaiya
Sorry I hadn't looked into your password change script but i knew that Users_Detail held the information for password question and answers. if we don't need it though i can deal with that.
|
That's a matter of implementation. How do you want users to be able to change passwords?
I made this really basic so I only used a CAPTCHA on the password change page.
Most web sites require you to be logged in to change your password, and rightfully so. You would want to know the user trying to change a user's password is authorized to do so.
Storing security questions and answers complicates things quite a bit as far as implementation goes.
You really should should be storing passwords as salted hashes when registering users, but almost nobody here is interested in that unfortunately