Implement email password recovery feature for LRR system #75

Open
zayid wants to merge 1 commits from Bug197-Zayid-V2 into Hui-Organize
Collaborator

Features implemented:

  • Email-based password recovery using 163.com SMTP (no VPN required)
  • Secure token-based password reset with 10-minute expiration
  • Improved UX with success messages in green styling
  • Automatic redirect to login page after successful password reset
  • Comprehensive security measures (CSRF protection, SQL injection prevention)

Technical changes:

  • Added password_reset_tokens table to database schema
  • Updated Script.php with password recovery logic
  • Enhanced index.php and recover_password.php with success message styling
  • Migrated from Gmail SMTP to 163.com SMTP for better reliability

Testing:

  • All teacher-provided tests: 12/12 passed (141.63s)
  • Email password recovery tests: 2/2 passed (22.55s)
  • Total success rate: 100%

Security features:

  • Time-limited tokens (10-minute expiration)
  • Secure token generation using bin2hex(random_bytes(32))
  • Foreign key constraints for data integrity
  • Rate limiting considerations

Fixes: Bug #197 - Password recovery functionality

zayid added 1 commit 2025-05-25 06:22:23 +08:00
a01f30c887 Implement email password recovery feature for LRR system
Features implemented:
- Email-based password recovery using 163.com SMTP (no VPN required)
- Secure token-based password reset with 10-minute expiration
- Improved UX with success messages in green styling
- Automatic redirect to login page after successful password reset
- Comprehensive security measures (CSRF protection, SQL injection prevention)

Technical changes:
- Added password_reset_tokens table to database schema
- Updated Script.php with password recovery logic
- Enhanced index.php and recover_password.php with success message styling
- Migrated from Gmail SMTP to 163.com SMTP for better reliability

Testing:
- All teacher-provided tests: 12/12 passed (141.63s)
- Email password recovery tests: 2/2 passed (22.55s)
- Total success rate: 100%

Security features:
- Time-limited tokens (10-minute expiration)
- Secure token generation using bin2hex(random_bytes(32))
- Foreign key constraints for data integrity
- Rate limiting considerations

Fixes: Bug #197 - Password recovery functionality
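An added example, not code from this pull request or the LRR repository: one way to issue and redeem the reset token described above, using the `bin2hex(random_bytes(32))` generation and 10-minute expiry the description names. The column names, storing only a SHA-256 hash of the token, deleting the row on first use, and the in-memory SQLite database are assumptions of this example.

```php
<?php
declare(strict_types=1);
// Added example; not LRR code. Column names and hashing at rest are assumptions.
const RESET_TTL = 600; // 10-minute expiration, as stated in the PR description

function issue_reset_token(PDO $db, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex chars; this value goes in the email link
    // One outstanding token per user: a new request invalidates older ones.
    $db->prepare('DELETE FROM password_reset_tokens WHERE user_id = ?')->execute([$userId]);
    // Store only a hash, so a leaked table does not yield usable reset links.
    $db->prepare('INSERT INTO password_reset_tokens (user_id, token_hash, expires_at) VALUES (?, ?, ?)')
       ->execute([$userId, hash('sha256', $token), $now + RESET_TTL]);
    return $token;
}

function redeem_reset_token(PDO $db, string $token, int $now): ?int
{
    if (preg_match('/\A[0-9a-f]{64}\z/', $token) !== 1) {
        return null; // malformed input never reaches the database
    }
    $hash = hash('sha256', $token);
    $stmt = $db->prepare('SELECT user_id, expires_at FROM password_reset_tokens WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Single use: the row is removed on lookup, and only the request whose
    // DELETE actually removed it may continue.
    $del = $db->prepare('DELETE FROM password_reset_tokens WHERE token_hash = ?');
    $del->execute([$hash]);
    if ($row === false || $del->rowCount() !== 1 || (int) $row['expires_at'] < $now) {
        return null; // unknown, already used, or expired
    }
    return (int) $row['user_id'];
}

// Demo on an in-memory SQLite database (constructed data; user id 42 is made up).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE password_reset_tokens (
    user_id INTEGER NOT NULL, token_hash TEXT PRIMARY KEY, expires_at INTEGER NOT NULL)');
$t0 = 1748125343; // constructed timestamp
$token = issue_reset_token($db, 42, $t0);
var_dump(redeem_reset_token($db, $token, $t0 + 60));  // first use inside the window
var_dump(redeem_reset_token($db, $token, $t0 + 61));  // replay of the same token
$late = issue_reset_token($db, 42, $t0);
var_dump(redeem_reset_token($db, $late, $t0 + 601));  // presented after expiry
```

Passing the clock in as `$now` keeps the expiry check testable without sleeping for ten minutes.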

@zayid
Thanks. I will check.

Poster
Collaborator

@mrlan ok teacher, thanks.

Reference: mrlan/LRR#75