| | 349 | '''Reset by mail tokens''' |
| | 350 | |
| | 351 | First, the user will enter his login and his mail address. A mail is sent to him. |
| | 352 | |
| | 353 | Then, the user click on the link in the mail, an can set a new password. |
| | 354 | |
| | 355 | //PHP sessions are used to store and retrieve token on server side.// |
| | 356 | |
| | 357 | You can enable or disable this feature with $use_tokens |
| | 358 | |
| | 359 | {{{ |
| | 360 | $use_tokens = true; |
| | 361 | }}} |
| | 362 | |
| | 363 | '''Mail configuration''' |
| | 364 | |
| | 365 | You can also avoid to request the mail to the user, only the login will be asked, and the mail will be read in LDAP: |
| | 366 | |
| | 367 | {{{ |
| | 368 | $mail_address_use_ldap = true; |
| | 369 | }}} |
| | 370 | |
| | 371 | '''Security''' |
| | 372 | |
| | 373 | You can crypt tokens, to protect the session identifier: |
| | 374 | |
| | 375 | {{{ |
| | 376 | $crypt_tokens = true; |
| | 377 | }}} |
| | 378 | |
| | 379 | You should set a token lifetime, so they are deleted if unused. The value is in seconds: |
| | 380 | |
| | 381 | {{{ |
| | 382 | $token_lifetime = "3600"; |
| | 383 | }}} |
| | 384 | |
| | 385 | '''Log''' |
| | 386 | |
| | 387 | By default, generated URLs are logged in the default Apache error log. This behavior can be changed, to log in a specific file: |
| | 388 | |
| | 389 | {{{ |
| | 390 | $reset_request_log = "/var/log/self-service-password"; |
| | 391 | }}} |
| | 392 | |
| | 393 | '''Reset URL''' |
| | 394 | |
| | 395 | //Optional// |
| | 396 | |
| | 397 | By default, reset URL is computed using server name and port, but these values can be wrong if the application is behind a reverse proxy. In this case you can set yourself the reset URL: |
| | 398 | |
| | 399 | {{{ |
| | 400 | $reset_url = $_SERVER['HTTP_X_FORWARDED_PROTO'] . "://" . $_SERVER['HTTP_X_FORWARDED_HOST'] . $_SERVER['SCRIPT_NAME']; |
| | 401 | }}} |
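Review bot: The `$reset_url` example in the Reset URL section builds the mailed link from `$_SERVER['HTTP_X_FORWARDED_PROTO']` and `$_SERVER['HTTP_X_FORWARDED_HOST']`, which are request headers. The text should state the precondition that the reverse proxy sets or overwrites both headers on every request. Without that, the scheme and host of the reset link come from whatever the client sent, and the link is mailed to the account owner. Suggest adding a sentence to that effect, or making a fixed, administrator-chosen URL string the primary example and presenting the header-based form as the variant for proxies known to overwrite those headers. Separately, the Log section says generated URLs are written to the Apache error log by default. Since the first section describes that link as what lets the user set a new password, it is worth a line saying the log file named in `$reset_request_log` should be readable only by administrators. Minor wording: "the user click on the link in the mail, an can set" should read "the user clicks on the link in the mail and can set".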