We are currently developing a mobile app, that has Single Sign On (SSO) into a Moodle 2.6 instance.
When logging in, we require a 'Forgot your password' button that we had hoped would hook into moodle and send the moodle password reset email to the given email address.
We have hacked together a method of acheiving this by sending a CURL request to the /login/forgot_password.php page and regex'd out the session key. Then with this we create a POST request to the same page with the given email and session key.
Does anyone know a better way of doing this? Is there a moodle function we could tap into. Any input on security issues with doing this would also be greatly appreciated.