Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to give pwd reset link an expiration time?

Status
Not open for further replies.
Blueie

Blueie

Technical User
May 12, 2012
72
0
0
GB
Hello

I am groping in the dark a little here.

I am hoping to put together some code whereby a user receives a link in his inbox to reset his password.

Following a couple of (outdated) tutorials, I have this in my code:

Code: 
 cmd = New OleDbCommand("UPDATE university SET uniqueCode=@uniqueCode where strEmail = @strEmail", conn)

cmd.Parameters.AddWithValue("@uniqueCode", uniqueCode)
cmd.Parameters.AddWithValue("@strEmail", strEmail.Text.Trim())

End If

Dim strBody As New StringBuilder()

strBody.Append("<a href=[URL unfurl="true"]http://localhost:2464/SampleApplication/ResetPasswordVB.aspx?emailId="[/URL] + strEmail.Text & "&uniqueCode=" & uniqueCode & ">Click here to reset your password</a>")

Should this strBody be a column in my Access database (not clear from the tutorial), and would the uniqueCode be displayed in a column like
this?

uniqueCode_bb2r4h.jpg


If so, how would I give the link a lifespan of X hours?

Many thanks.
 
Sort by date Sort by votes
I don't know what code you looked at, but I would assume that uniqueCode is a code that is placed in your query string.
Then when you go to the page, you grab that value and look it up in your table.
To add the expiration time, you can add a column to your table that has a datetime column. This value would be set when you insert the row into the table.
Once you get the row you are looking for, compare the current time with the datetime in the expiration column.

Also, on another note, you should never save your passwords as plain text. This is a major security issue. If someone were to hack your DB, they would have everyone's user name and password.
 
Upvote 0 Downvote
Hello jbenson001

Thanks for replying.

Once the site is up and running the passwords will be hashed/salted.

Do you mean that adjacent to the uniqueCode column, I would have another column called, let's say, timeLimit, and that the whole column is a DateTime columm whose properties, I think, are set in Design view?

Thanks again.

 
Upvote 0 Downvote
No, what I mean is, when someone clicks the "Forgot Password" link on your page, you would update a column called "timeLimit" with the current date/time with the date/time + say 3 hours.
Then you can use that column to compare to the current date/time to see if it has expired.
 
Upvote 0 Downvote
So, clicking on the Forgotten Password link would trigger an insertion (not really an update because it may be the first time) of X amount of hours and that would be recorded in the timeLimit column?

OK. Thanks. I am not sure I would be able to code that!

I would need to display another message to the user that the X amount of hours had expired.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Makumbi256
  • Question
How to make days vertical and grid view editable using asp.net vb
Replies
0
Views
173
Makumbi256
Makumbi256
AhmedAzizBarbary
  • Locked
  • Question
How to read data response body after success login razor page ?
Replies
0
Views
292
AhmedAzizBarbary
AhmedAzizBarbary
AhmedAzizBarbary
  • Locked
  • Question
How to pass list of checkboxes not checked on page model razor page?
Replies
0
Views
315
AhmedAzizBarbary
AhmedAzizBarbary
a6green
  • Locked
  • Question
How to configure AT&T / Avaya Definity G3 incoming ISDN trunk
Replies
2
Views
289
a6green
a6green
Makumbi256
  • Locked
  • Question
how can i convert this code to cshap
Replies
1
Views
246
xwb
xwb

Part and Inventory Search

Sponsor

Back
Top