a.alz82
New member
Hey everyone,
I need to introduce new mandatory field upon new user registration - "secret word". Apart from the standard required fields such as login and password I need to have new one there as well.
What is this thing needed for? The "seceret word" is another authorization method along with usual password & it plays role of password reset. Once user wants to restore his password he undergoes the usual procedure: forgot password -> login input + secret word input -> DB query whether the secret word matches or not -> if matched: new password input + its input in DB. In case the secret word is not matched then the user gets denial.
Secret word is required to be entered upon every authorization along with username & password unless there is an open session already.
Secret word CAN NOT be changed.
There should be another parameter created in the DB corresponding to each and every user called "secretword" or so and it has to be hashed.
What exactly is needed:
0. Create compulsory field upon registration: jabber / telegram
1. Create compulsory field upon registration: "Secret Word"
2. Remove and disable email field upon registration
3. Remove any interference with email
4. Create possibility for admin to change secret word through the admin panel for any user (just like in case with password)
5. Force every registered user to input their secret word: terminate every active sessions, ask to input secret word in order to gain access to the forums, save the secret word in the DB - hashed.
Thanks!
I need to introduce new mandatory field upon new user registration - "secret word". Apart from the standard required fields such as login and password I need to have new one there as well.
What is this thing needed for? The "seceret word" is another authorization method along with usual password & it plays role of password reset. Once user wants to restore his password he undergoes the usual procedure: forgot password -> login input + secret word input -> DB query whether the secret word matches or not -> if matched: new password input + its input in DB. In case the secret word is not matched then the user gets denial.
Secret word is required to be entered upon every authorization along with username & password unless there is an open session already.
Secret word CAN NOT be changed.
There should be another parameter created in the DB corresponding to each and every user called "secretword" or so and it has to be hashed.
What exactly is needed:
0. Create compulsory field upon registration: jabber / telegram
1. Create compulsory field upon registration: "Secret Word"
2. Remove and disable email field upon registration
3. Remove any interference with email
4. Create possibility for admin to change secret word through the admin panel for any user (just like in case with password)
5. Force every registered user to input their secret word: terminate every active sessions, ask to input secret word in order to gain access to the forums, save the secret word in the DB - hashed.
Thanks!
Last edited: