This local plugin allows an external service to access moodles reset password functionality.
By posting a secure key, along with the user accounts email address, the local plugin will check against certain criteria before loggin, and sending the moodle password reset email.
The plugin checks a series of events before allowing the password reset email to be sent.
1 - Checks the plugin has been enabled (plugin setting disabled by default)
2 - Checks the encrypted key from the POST message matches the one stored in moodle (plugin setting)
3 - Checks the user exists in the moodle user table
4 - Checks the user is not an admin (admins have been restricted from using this plugin for security reasons)
The plugin works by an external service sendding a POST request to the following plugin file
[YOUR MOODLE URL] / local / resetpassword / reset.php
The file requires two variables to be posted to it.
e - the email address of the account
k - the encrypted key
The encrypted key that is posted to the file is created by concatenation of the email address and the private key (set in moodle), this is then encrypted with MD5.