Best Temp Pass Autoresponder?

Rick Harrison harrison at all-auctions.com
Sun Jul 14 13:20:03 EDT 2019


Hi Alex,

Thanks for getting back to me.

Your suggestion of no password is interesting,
but in my particular case it isn’t the right solution
for me.

In the meantime, I took a step back from the work
that gave me an alternate insight as to how it
needs to work.

The main snag I’m working on now is setting up
the server to send out the email to the user.

This morning I’m looking at the shell commands
and at tsNet SMTP possible solutions.

Thanks,

Rick

> On Jul 13, 2019, at 3:27 PM, Alex Tweedly via use-livecode <use-livecode at lists.runrev.com> wrote:
> 
> It's kind of hard to answer that without knowing how your passwords are set up and managed already, or what/how you need to use or check them.
> 
> So I won't answer directly, but offer a sideways suggestion ....
> 
> Don't have passwords.
> 
> Nearly all sites that have passwords offer some kind of recovery mechanism - which almost always uses a (verified and registered) email address to send a recovery link. So just skip the step of having passwords at all  - and have a mechanism that users can type in their email address, and be sent a short-lived, one-time use link to their email address.
> 
> When requested you generate a token, store that in your database (or whatever), and then send an email that might look something like ...
> 
>> To login to kilmelford.com, please click on the link below.
>> http://kilmelford.com/lcms.lc9/login_request/email/2019-07-13_15:17:47_df2471f6a4b8...de964b3ec
>> 
>> If you did not ask for a login code/link to be sent to you,
>> please let us know by forwarding this email toinfo at kilmelford.com
> (obviously that's not the correct full code :-), and when you get a request like that, you compare the token with your database (and check whether it has expired or not), and if OK then you log the user in and remove the entry for this token.
> 
> When I "log the user in" I send them a cookie that verifies their status, and which expires in a limited time (say one day, or one week), and after that they just request a new emailed token/link.
> 
> Alex.
> 
> On 13/07/2019 18:03, Rick Harrison via use-livecode wrote:
>> I need to set up a temporary password
>> email autoresponder for my website
>> using LC if at all possible.  This would
>> obviously be for people who have
>> forgotten their password and need
>> a temporary one.
>> 
>> I realized I’m probably not the only
>> one here who has run into this problem,
>> and I don’t want to reinvent the wheel.
>> 
>> What is the best approach and does
>> anyone have a solution that is working
>> well for them?
>> 
>> Thanks,
>> 
>> Rick
>> _______________________________________________
>> use-livecode mailing list
>> use-livecode at lists.runrev.com
>> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
>> http://lists.runrev.com/mailman/listinfo/use-livecode
> 
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode





More information about the use-livecode mailing list