Secret Question v2.4

[Obewanz]

I've just finished this contribution and am looking for a couple folks to help test and polish off the installation docs.

 

I did this contribut back in 2003 time frame, but couldn't find all of my old code. So I decided to just rewrite the thing from scratch and take a different approach. In the older version the secret questions were created by the admin and put into the database, which were then selected via pulldown in the appropriate pages of the site. That is now changed as I felt it would provide an even more secure option by having the questions generated by the customers themselves. The old secret questions table is still there and provides samples of secret questions for customers to use in a plain 2 column text list.

 

I also reset the password to a random password in the database at the password forgotten screen instead of zap it to null or empty so that at least if someone is attempting to gain access the random password will keep them from logging in if they should catch it at the right time. The customer is still forced to enter a new password before moving on and they are asked to change their secrets at that point as well.

 

The secret answer is encrypted in the database using the password encryption routine but the questions are not. This would also give the admin a way to view the questions and pick good ones as examples for other customers. (There is no admin feature to this contribution as yet since everything is really done by the customer - I have another contrib that will let the admin send a random password via email in the event of a real emergency.)

 

Look forward to some feedback from any takers on the beta user.

[Obewanz]

Ok, I think this post should have gone to a different forum so you can find the contrib location, etc in the following post: http://www.oscommerce.com/forums/index.php?showtopic=294603 (General Contributions - Secret Questions)