Hi, I'm currently working on change-password logic using the user's email.
What I want is this: when I click "Forgot password", it redirects to the Forgot Password page and the user inputs their email. If the email doesn't exist in the system, it prompts "Email doesn't exist", and if the email exists, it goes to the reset password page with the input parameter email that is connected from the forgot password page.
Up to that part I understand it, but the logic behind changing the password is where I get messed up. I don't know if the Users entity data is changing based on the email. I still don't get it.
Below is the forgot-password logic, filtering the email to check if it exists in the database.
The reset password page logic is below; it doesn't change the password of the record with the email I entered on the forgot password page.
Check my OML.
Regards,
Fuensalida
Hi @iverson fuensalida
Your application is working fine. Be sure that after changing the password, during login, you enter the "UserName", not the Email. I think you're trying to log in with the email and the changed password. Try to log in with the UserName and the changed password.
The reason is that for some users the UserName and Email are the same, and that is the Email. But for some users the username can be different from the email.
To check the details, log in to the "Users" application using the URL below. Replace domain with your environment URL.
https://domain/users
"Try to login with UserName & Changed password." - this will not work, as the functionality @iverson fuensalida is implementing is "Forgot Password", where the user doesn't remember his password.
Hello @iverson fuensalida, I reviewed your implementation, and it is not a secure way to implement password recovery. Your approach has a significant security flaw—for example, anyone could enter someone else's email, reset the password, and gain unauthorized access to the system.
I recommend watching the excellent video shared here, which provides a guide for implementing a safe and secure password recovery process. Please follow that approach.
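
The flaw raised in the last reply is that the reset page trusts an email input parameter, so typing an address is enough to change that account's password. As an added example (not code from this thread, the linked video, or OutSystems), the same two screens in Python with a single-use, expiring token sent to the mailbox, and with one reply for known and unknown addresses. `ResetService`, `send_mail`, the 15-minute lifetime and the sample address are assumptions made for the illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL = 15 * 60  # seconds a reset link stays valid (assumed value)
GENERIC_REPLY = "If that address is registered, a reset link has been sent."

def hash_password(password: str) -> str:
    """Salted PBKDF2 so the stored value is never the plain password."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + dk.hex()

class ResetService:
    def __init__(self, users, send_mail, now=time.time):
        self.users = users          # email -> {"password_hash": str}
        self.send_mail = send_mail  # hypothetical callable(email, token)
        self.now = now
        self.pending = {}           # sha256(token) -> (email, expires_at)

    def request_reset(self, email: str) -> str:
        """Forgot Password screen: it never navigates to the reset screen itself."""
        if email in self.users:
            token = secrets.token_urlsafe(32)  # unguessable, from the OS CSPRNG
            digest = hashlib.sha256(token.encode()).hexdigest()
            self.pending[digest] = (email, self.now() + TOKEN_TTL)
            self.send_mail(email, token)       # only the mailbox owner receives it
        return GENERIC_REPLY                   # same reply whether or not it exists

    def reset_password(self, token: str, new_password: str) -> bool:
        """Reset screen: the account is derived from the token, not from an email input."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.pending.pop(digest, None)  # pop makes the token single-use
        if entry is None:
            return False
        email, expires_at = entry
        if self.now() > expires_at:
            return False
        self.users[email]["password_hash"] = hash_password(new_password)
        return True

if __name__ == "__main__":
    users = {"alice@example.test": {"password_hash": ""}}  # constructed sample user
    outbox = []                                            # stands in for real email
    svc = ResetService(users, lambda e, t: outbox.append((e, t)))
    print(svc.request_reset("alice@example.test"))
    print(svc.reset_password(outbox[0][1], "correct horse battery"))
```

Only the SHA-256 digest of the token is stored, so a read of the pending table does not yield usable reset links.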