The password reset function in Shopkit has 2 major components:
First, a function that adds a random token
field to a user’s account file:
And second, a route that will accept that one-time use token, change the user’s password, log them in, and redirect them to change their password:
This is probably not easy to include by default into Kirby core for a few reasons:
- It requires a new
/token
route which could conflict with existing sites.
- It relies on creating and destroying
token
fields within the user’s account file, which could conflict with existing sites.
- Sending account tokens via email can introduce security risks if your outgoing mails are logged on the server. Kirby has no control over this.
4 Likes