
Secure Password Reset Form

January 21st, 2010

Hello,

We need to be able to securely provide passwords to our clients. The idea is to have a very simple system with front-end and back-end:

back-end:
- Admin login (or can be protected by .htaccess)
- Required Field for email address
- Required Field for password
- Optional Field for Name.
- Submit/Reset button
- Report menu indicating whether a user viewed the password or not

front-end:
- The User receives an email asking them to visit a secure URL (defined by the application) to view their password

Security Requirements:
- Admin should not be able to email more than one person at a time
- Password must be deleted immediately after the user views it
- Password must be deleted after 48 hrs if no user views it
- The URL to view the password must not be guessable by human/machine.
- The password should NOT be stored anywhere at all once the user views it.
- The system should work on PHP4/PHP5, either with or without MySQL (prefer without MySQL).
- The system should be able to sanitize inputs/outputs against injection attacks.
- No sensitive information should be leaked in any way or shape.

Optional: Contribute the script to the open-source community.

Please respond with your quote and time estimate.
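To make the requirements above concrete, here is an added design sketch (not code from the poster or from any delivered script) of the one-time hand-off the post describes, written in Python with only the standard library so it runs anywhere; a PHP implementation would follow the same structure. It assumes a flat-file store (no MySQL), a hypothetical base URL `https://example.invalid/view?t=`, and that e-mail delivery happens elsewhere: the store only hands back the URL to put in the message. The points it demonstrates are the ones the security list asks for: a 256-bit random token in the URL, only the token's hash on disk so the store alone cannot rebuild the link, deletion of the password on first view or after 48 hours, a one-recipient-per-call check, and a report that never contains a password.

```python
"""One-time password hand-off: a stdlib-only sketch of the design in the post.
Assumptions (not from the post): flat-file store, URL prefix, no mail sending."""
import hashlib
import json
import os
import re
import secrets
import tempfile
import time

TTL_SECONDS = 48 * 3600                          # requirement: unviewed secrets expire after 48 h
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{43}$")    # shape of secrets.token_urlsafe(32); rejects anything else
EMAIL_RE = re.compile(r"^[^\s@,;<>]+@[^\s@,;<>]+\.[^\s@,;<>]+$")  # exactly one address, no separators/newlines


class PasswordHandoff:
    def __init__(self, directory, base_url="https://example.invalid/view?t="):  # hypothetical URL
        self.dir = directory
        self.base_url = base_url
        os.makedirs(directory, mode=0o700, exist_ok=True)

    @staticmethod
    def _hash(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def _paths(self, token_hash):
        return (os.path.join(self.dir, token_hash + ".secret"),
                os.path.join(self.dir, token_hash + ".meta"))

    def _write(self, path, data):
        # owner-only file, created/truncated atomically enough for a sketch
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as f:
            json.dump(data, f)

    def _set_status(self, meta_path, status, when):
        with open(meta_path) as f:
            meta = json.load(f)
        meta["status"] = status
        if status == "viewed":
            meta["viewed_at"] = when
        self._write(meta_path, meta)

    def create(self, email, password, name="", now=None):
        """Admin side: one recipient per call; returns the URL to place in the e-mail."""
        if not EMAIL_RE.match(email):
            raise ValueError("exactly one well-formed e-mail address is required")
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)       # 256 random bits: not guessable by human or machine
        secret_path, meta_path = self._paths(self._hash(token))  # only the hash touches disk
        self._write(secret_path, {"password": password, "expires": now + TTL_SECONDS})
        self._write(meta_path, {"email": email, "name": name, "created": now,
                                "expires": now + TTL_SECONDS, "status": "pending", "viewed_at": None})
        return self.base_url + token

    def view(self, token, now=None):
        """Recipient side: returns the password exactly once, then it is gone."""
        now = time.time() if now is None else now
        if not TOKEN_RE.match(token):           # malformed input never reaches the filesystem
            return None
        secret_path, meta_path = self._paths(self._hash(token))
        if not os.path.exists(secret_path):
            return None                         # unknown, already viewed or purged: same answer for all
        with open(secret_path) as f:
            record = json.load(f)
        os.remove(secret_path)                  # delete before returning, whatever happens next
        if now > record["expires"]:
            self._set_status(meta_path, "expired", now)
            return None
        self._set_status(meta_path, "viewed", now)
        return record["password"]

    def purge_expired(self, now=None):
        """Housekeeping (cron): drop secrets nobody viewed within the TTL; returns the count."""
        now = time.time() if now is None else now
        removed = 0
        for name in os.listdir(self.dir):
            if not name.endswith(".secret"):
                continue
            secret_path = os.path.join(self.dir, name)
            with open(secret_path) as f:
                expired = now > json.load(f)["expires"]
            if expired:
                os.remove(secret_path)
                self._set_status(secret_path[:-len(".secret")] + ".meta", "expired", now)
                removed += 1
        return removed

    def report(self):
        """Report menu: who has or has not viewed their password; no passwords in here."""
        rows = []
        for name in os.listdir(self.dir):
            if name.endswith(".meta"):
                with open(os.path.join(self.dir, name)) as f:
                    rows.append(json.load(f))
        return sorted(rows, key=lambda r: r["created"])


def new_store():
    """Fresh store in a temporary directory, for demos and tests."""
    return PasswordHandoff(tempfile.mkdtemp())


if __name__ == "__main__":
    store = new_store()
    url = store.create("alice@example.com", "constructed-sample-password", name="Alice")
    print("send this link:", url)
    print("first view :", store.view(url.split("t=")[1]))
    print("second view:", store.view(url.split("t=")[1]))
    print("report     :", store.report())
```

Two design choices worth noting: the `.meta` record is what lets the admin report survive deletion of the secret, and the same `None` is returned for unknown, already-viewed and expired tokens so a caller learns nothing from the distinction. What this sketch does not do is encrypt the password at rest before it is viewed; if the host itself is in scope, derive a key from the token on the admin side and store only ciphertext, so that the URL holder is the only party able to recover it.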



Categories: MySQL, PHP