This works by adding a new field to the 'Users' table called 'ResetKey',
which is a 32 characters long, random string. When the user requests a
password reset, a new 'reset key' is generated and sent to the user's
e-mail address in the form of a link in the following format:
http://aur.archlinux.org/passreset.php?resetkey=<reset key>
When the above link is followed, the user is presented with a form to
verify his/her e-mail address and specify the new desired password. If
the e-mail address matches the reset key in the database, the new
password is assigned to the account. If there is an error, a relevant
message is displayed and the user is prompted to re-enter the required
information. Upon successful completion of this procedure, the ResetKey
field in the database is blanked and the specific key cannot be reused.
One SQL query is needed to add the ResetKey field to the 'Users' table:
ALTER TABLE `Users` ADD `ResetKey` CHAR(32) NOT NULL DEFAULT '';
Signed-off-by: Loui Chang <louipc.ist@gmail.com>
