What link are you using? You should be using
http://..../user/request_reset_password and you should auth.settings.actions_disabled=['retrieve_password'] On Apr 19, 9:22 am, "Abdul R. Gani" <[email protected]> wrote: > Same weakness exists. > > > > On Mon, Apr 19, 2010 at 12:10 PM, Rohan <[email protected]> wrote: > > Hi All, > > > Currently my retrieve password application sends new password directly > > to user. Anyone can reset password of any other user as long as they > > know the email id. So I want to customize the process and want to send > > a mail to user asking user to verify email and reset password from > > some link provided in that page something like verification of email > > while registering. > > > Any pointers? > > > Thanks > > Rohan > > > -- > > Subscription settings:http://groups.google.com/group/web2py/subscribe?hl=en > > -- > -- > InfoStream Technologies > [email protected] > +27-82-888-1193http://www.infostream.co.za
