Secure Password Reset Form

Hello,

We need to be able to securely provide passwords to our clients. The idea is to have a very simple system with front-end and back-end:

back-end:
– Admin login (or can be protected by .htaccess)
– Required Field for email address
– Required Field for password
– Optional Field for Name.
– Submit/Reset button
– Report menu indicating whether a user viewed the password or not

front-end:
– The User receives an email asking them to visit a secure URL (defined by the application) to view their password

Security Requirements:
– Admin should not be able to email more than one person at a time
– Password must be deleted immediately after the user views it
– Password must be deleted after 48 hrs if no user views it
– The URL to view the password must not be guessable by human/machine.
– The password should NOT be stored anywhere at all once the user views it.
– The system should work on PHP4/PHP5 either with or without MySQL (prefer without MySQL).
– The system should be able to sanitize inputs/outputs against injection attacks.
– No sensitive information should be leaked in any way or shape.

Optional: Contribute the script to the open-source community.

Please respond with your quote and time estimate.
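
One way to meet the security requirements above with flat files and no MySQL, as an added example that is not part of the original post or of any delivered script. It assumes PHP 7.1 or later (for `random_bytes()` and AES-GCM in `openssl_encrypt()`); `STORE_DIR` and the function names `create_secret`, `view_secret` and `purge_expired` are hypothetical.

```php
<?php
// Added example: one-time password delivery without a database (hypothetical names).
declare(strict_types=1);

const STORE_DIR   = '/var/lib/pwdrop';  // assumption: outside the web root, mode 0700
const TTL_SECONDS = 48 * 3600;          // 48-hour limit from the requirements

// Store the password; return the token to embed in the emailed URL.
function create_secret(string $password): string
{
    $token = bin2hex(random_bytes(32));                 // 256-bit CSPRNG token, not guessable
    $key   = hash_hmac('sha256', 'enc', $token, true);  // encryption key derived from the token
    $iv    = random_bytes(12);
    $ct    = openssl_encrypt($password, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    // The file name is a hash of the token, so reading the directory does not reveal URLs,
    // and the stored blob cannot be decrypted without the token from the email.
    $path  = STORE_DIR . '/' . hash('sha256', $token);
    umask(0077);                                        // file is created owner-only
    file_put_contents($path, pack('J', time() + TTL_SECONDS) . $iv . $tag . $ct, LOCK_EX);
    return $token;
}

// Return the password exactly once; null for unknown, expired or already-viewed tokens.
function view_secret(string $token): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {    // strict input validation
        return null;
    }
    $path    = STORE_DIR . '/' . hash('sha256', $token);
    $claimed = $path . '.' . bin2hex(random_bytes(8));
    if (!@rename($path, $claimed)) {                    // atomic claim: only one request wins
        return null;
    }
    $blob = file_get_contents($claimed);
    unlink($claimed);                                   // deleted before anything is displayed
    // Blob layout: 8-byte expiry, 12-byte IV, 16-byte GCM tag, ciphertext.
    if ($blob === false || strlen($blob) < 36 || unpack('J', $blob)[1] < time()) return null;
    $key = hash_hmac('sha256', 'enc', $token, true);
    $pw  = openssl_decrypt(substr($blob, 36), 'aes-256-gcm', $key, OPENSSL_RAW_DATA,
                           substr($blob, 8, 12), substr($blob, 20, 16));
    return $pw === false ? null : $pw;
}

// Run from cron: remove secrets nobody viewed within 48 hours.
function purge_expired(): void
{
    foreach (glob(STORE_DIR . '/*') as $f) {
        if (filemtime($f) + TTL_SECONDS < time()) unlink($f);
    }
}
```

When rendering the result, pass it through `htmlspecialchars()` and send `Cache-Control: no-store` so the password is not kept in browser or proxy caches. Mail scanners that prefetch links can consume a one-time GET URL, so the view page should require a POST confirmation before calling `view_secret()`.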
