1
I have a website that's 4 years old which I used to run on phpNuke and have now converted to Xoops. The simple Forgot Password won't work as it stands because many members have changed their email addresses over the years. My thoughts at the moment are to have something that will allow people to look up their username and old email address and then change the email address. This would then send out a verification email that the user would need to click a link in to verify. Then they could use the Forgot Password link to keep their account. All of this information, including maybe the IP address would then be stored in a table and sent to the site admin for logging purposes. I would also like to limit the number of email changes to maybe once every 3 months or something to help eliminate fraud. Any suggestions, ideas or problems you might see using this method?
Cheers