×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Contact US

*
*
*
*

Thanks. We have received your request and will respond promptly.

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

How to give pwd reset link an expiration time?

thread855-1760772

How to give pwd reset link an expiration time?

How to give pwd reset link an expiration time?

(OP)
Hello

I am groping in the dark a little here.

I am hoping to put together some code whereby a user receives a link in his inbox to reset his password.

Following a couple of (outdated) tutorials, I have this in my code:

CODE

cmd = New OleDbCommand("UPDATE university SET uniqueCode=@uniqueCode where strEmail = @strEmail", conn)

cmd.Parameters.AddWithValue("@uniqueCode", uniqueCode)
cmd.Parameters.AddWithValue("@strEmail", strEmail.Text.Trim())

End If

Dim strBody As New StringBuilder()

strBody.Append("<a href=http://localhost:2464/SampleApplication/ResetPasswordVB.aspx?emailId=" + strEmail.Text & "&uniqueCode=" & uniqueCode & ">Click here to reset your password</a>")

Should this strBody be a column in my Access database (not clear from the tutorial), and would the uniqueCode be displayed in a column like
this?



If so, how would I give the link a lifespan of X hours?

Many thanks.

RE: How to give pwd reset link an expiration time?

I don't know what code you looked at, but I would assume that uniqueCode is a code that is placed in your query string.
Then when you go to the page, you grab that value and look it up in your table.
To add the expiration time, you can add a column to your table that has a datetime column. This value would be set when you insert the row into the table.
Once you get the row you are looking for, compare the current time with the datetime in the expiration column.

Also, on another note, you should never save your passwords as plain text. This is a major security issue. If someone were to hack your DB, they would have everyone's user name and password.

RE: How to give pwd reset link an expiration time?

(OP)
Hello jbenson001

Thanks for replying.

Once the site is up and running the passwords will be hashed/salted.

Do you mean that adjacent to the uniqueCode column, I would have another column called, let's say, timeLimit, and that the whole column is a DateTime columm whose properties, I think, are set in Design view?

Thanks again.

RE: How to give pwd reset link an expiration time?

No, what I mean is, when someone clicks the "Forgot Password" link on your page, you would update a column called "timeLimit" with the current date/time with the date/time + say 3 hours.
Then you can use that column to compare to the current date/time to see if it has expired.

RE: How to give pwd reset link an expiration time?

(OP)
So, clicking on the Forgotten Password link would trigger an insertion (not really an update because it may be the first time) of X amount of hours and that would be recorded in the timeLimit column?

OK. Thanks. I am not sure I would be able to code that!

I would need to display another message to the user that the X amount of hours had expired.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login
Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close