User Forgets Password And Resets It On Their Own.
The goal here was to build a system in which a user who has forgotten their password can recover on their own, and get on with their work, without involving the admin, while the admin is still kept informed when users start resetting passwords. What follows is the result.
At the login screen, the user can click on a link entitled "Did you forget your username/password?". This link takes them to iforgot.cfm, which manages the process of username/password reminder and re-issuance.
The dialog presented to the user is straightforward: They enter the email address that is associated with their user record. Once this is done, one of two things happens:
If the user enters an incorrect email address
The same lockout mechanism kicks in that is used on the login screen: four tries in total are allowed, and once locked out the user must wait until their session expires before trying again. The retry count for this screen is kept separately from the login screen's, so a user who has made three tries at the login screen is not down to their last try when they arrive here.
If the user enters a correct address
If the email address is found, a reminder message is sent to that inbox, with a BCC copy to the system administrator. The message contains the user's ID and a link to changeme.cfm. Here's a sample link:
http://mydomain.com/changeme.cfm?uflag=18C4A6FB%2D4A4D%2D41B3%2DAE73B879974CEF9E
Note the long uflag URL parameter. Here's what that's all about. (Bear in mind that the BCC copy carries the same live link, so anyone who can read the admin mailbox can complete the reset as well.)
Creating and using the hashed return link
When the email address is found, a unique identifier (UUID) is created. The MD5 hash of that UUID is stored in the database along with the current date and time; the UUID itself is URL-encoded, inserted into the email link, and the message is sent. Only the hash ever reaches the database, so a copy of the user table on its own is not enough to build a working link.
When the user receives the message and clicks the link, they arrive at changeme.cfm. The code in that template URL-decodes the uflag value and computes its MD5 hash, then compares that hash against the UUIDFlag values stored in the database. If a match is found, the user can proceed.
If no match is found, the user goes nowhere and a message explains the problem. If a match is found but the FlagDate value is more than 24 hours old, the user is told that the change link has expired and must request a new one.
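As an added illustration, not code from the article (which is written in ColdFusion), here is the flag lifecycle described above modelled in Python: issue_flag() plays the part of iforgot.cfm and check_flag() the part of changeme.cfm. The column names UUIDFlag and FlagDate, the 24-hour limit and the changeme.cfm URL come from the text; the USERS table, the user ID, the constant names and the helper functions are constructed for the example. The encoder mirrors ColdFusion's URLEncodedFormat() so hyphens come out as %2D exactly as in the sample link.

```python
import hashlib
import hmac
import uuid
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed stand-in for the users table, keyed by email address. Only the
# column names UUIDFlag and FlagDate come from the article; the rest is assumed.
USERS = {
    "alice@example.com": {"userid": "alice", "UUIDFlag": None, "FlagDate": None},
}

FLAG_LIFETIME = timedelta(hours=24)                  # the article's 24-hour window
CHANGEME_URL = "http://mydomain.com/changeme.cfm"    # from the article's sample link


def cf_style_uuid() -> str:
    """Random UUID laid out the way ColdFusion prints one (8-4-4-16, upper case)."""
    h = uuid.uuid4().hex.upper()
    return f"{h[:8]}-{h[8:12]}-{h[12:16]}-{h[16:]}"


def md5_hex(value: str) -> str:
    """Upper-case hex MD5, the form stored in UUIDFlag."""
    return hashlib.md5(value.encode("utf-8")).hexdigest().upper()


def url_encoded_format(value: str) -> str:
    """Percent-encode every non-alphanumeric character of an ASCII string, as
    ColdFusion's URLEncodedFormat() does, so '-' becomes %2D like the sample link."""
    return "".join(c if c.isalnum() else f"%{ord(c):02X}" for c in value)


def issue_flag(email: str, now: datetime):
    """iforgot.cfm: for a known address, store MD5(UUID) plus a timestamp and
    build the reminder link. Returns None for an unknown address (the caller
    counts that against the four-try lockout)."""
    rec = USERS.get(email.strip().lower())
    if rec is None:
        return None
    flag = cf_style_uuid()
    rec["UUIDFlag"] = md5_hex(flag)          # the database sees only the hash ...
    rec["FlagDate"] = now
    uflag = url_encoded_format(flag)         # ... the raw UUID goes into the mail
    return {
        "userid": rec["userid"],             # also quoted in the reminder mail
        "uflag": uflag,
        "link": f"{CHANGEME_URL}?uflag={uflag}",
    }


def check_flag(raw_uflag: str, now: datetime):
    """changeme.cfm: URL-decode the parameter, hash it, look for the matching
    UUIDFlag, then apply the 24-hour age check.
    Returns ("ok", email), ("expired", email) or ("unknown", None)."""
    digest = md5_hex(unquote(raw_uflag))
    for email, rec in USERS.items():
        stored = rec["UUIDFlag"]
        # constant-time compare, so timing does not reveal how much of the hash matched
        if stored is not None and hmac.compare_digest(stored, digest):
            if now - rec["FlagDate"] > FLAG_LIFETIME:
                return "expired", email
            return "ok", email
    return "unknown", None
```

The order of checks matches the text: an unknown flag is rejected first, and only a flag that matches is then tested against FlagDate. Whether a fresh request overwrites an older flag is not spelled out in the article; the model above does overwrite, which is also what makes the old link stop working.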
The new password
The new password entered by the user is put through 32 separate tests. Because the tests run server-side rather than as JavaScript validation, the whole password is evaluated against every test in one pass, so the user does not have to go back and forth fixing one problem after another: every failure is listed in the first and only error message.
The password cannot be shorter than 6 characters or longer than 10, and it cannot contain special characters such as asterisks, dollar signs and a number of others. If you want to allow some of these characters, that is easy to accommodate: simply remove the test for the character you no longer want to exclude.
You may also wish to forbid additional characters; the code is just as easy to extend. Add your test and an error message to the existing list in changeme.cfm.
If all tests pass, the password is accepted and the database is updated with the new password. The user is then sent to the login page (admin.cfm), where they can enter the system with their new credentials.
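An added example, not the article's own changeme.cfm code, of the validate-everything-then-report-once pattern the section describes, written in Python. The 6-to-10 length rule and the asterisk and dollar-sign tests come from the text; the remaining forbidden characters, the message wording and the record layout are assumed. The article only says the database is updated with the new password, so the salted PBKDF2 storage in change_password() and the clearing of UUIDFlag/FlagDate after a successful change (making the link single-use) are this example's additions, not something the article claims.

```python
import hashlib
import hmac
import os

# Characters the password may not contain. The article names asterisks and
# dollar signs and says there are others; the rest of this list is assumed.
# Drop a tuple to allow a character, add one to forbid another.
FORBIDDEN_CHARS = [
    ("*", "an asterisk"),
    ("$", "a dollar sign"),
    ("<", "a less-than sign"),
    (">", "a greater-than sign"),
    ('"', "a double quote"),
    ("'", "a single quote"),
    (";", "a semicolon"),
    (" ", "a space"),
]

MIN_LEN, MAX_LEN = 6, 10          # the article's length limits


def password_problems(pw: str) -> list:
    """Run every test and collect every failure, so one message covers them all."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"must be at least {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"must be no more than {MAX_LEN} characters")
    for ch, name in FORBIDDEN_CHARS:
        if ch in pw:
            problems.append(f"may not contain {name} ({ch})")
    return problems


def change_password(record: dict, new_pw: str):
    """Final changeme.cfm step for a record that already passed the uflag check.
    Returns ("error", [every problem]) and leaves the record untouched, or
    ("ok", []) after storing the password and clearing the reset flag."""
    problems = password_problems(new_pw)
    if problems:
        return "error", problems
    # Storage scheme is this example's choice (salted PBKDF2-HMAC-SHA256);
    # the article does not say how the password is stored.
    salt = os.urandom(16)
    record["pw_salt"] = salt.hex()
    record["pw_hash"] = hashlib.pbkdf2_hmac(
        "sha256", new_pw.encode("utf-8"), salt, 100_000).hex()
    record["UUIDFlag"] = None     # addition: the link cannot be replayed
    record["FlagDate"] = None
    return "ok", []


def verify_password(record: dict, pw: str) -> bool:
    """What admin.cfm would do at login against the stored hash (example only)."""
    if not record.get("pw_hash"):
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", pw.encode("utf-8"), bytes.fromhex(record["pw_salt"]), 100_000).hex()
    return hmac.compare_digest(candidate, record["pw_hash"])
```

Because change_password() refuses to touch the record until the list of problems is empty, a user who types an over-long password containing both forbidden characters sees all three complaints at once, which is the behaviour the article is after.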