Hi ,
I have recently changed password reset process, where i am skipping a step of sending a link to the user to confirm their account before system send thiem a temporary password.
Instead I send users if they exist in the database a link which allow them to reset the password directly by taking them to password reset page.
this reset password page consist of username and two password rest field ,
Issue: this password reset link consist of id and unix time stamp which can be hacked by any one who knows how moodle works.
"reset_password.php?id=98&val=1554118200"
How can i encrypt above information and avoid this issue.
Please advice
Kind Regards
Prashu