DaveG wrote: >> One of the most useful things you can do with a verified e-mail >> address that's linked to a user account is to use it to reset a >> password. With the above method, where is the email address kept? If >> you immediately forget the e-mail address, why do you verify it in the >> first place? >I don't totally agree with this. A password reset could be approached >using the same mechanism that was used for an initial register.
how do yo prevent that someone "hijacks" an account? The (stored) e-mail address is an independent authentication method. Without this, "forgot password" is a PITA for the admin. Besides this, I'm happy with HtpasswdForm. Oliver _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
