send email to user for password reset in android app [closed]

Question

Closed. This question needs details or clarity. It is not currently accepting answers.

---

Want to improve this question? Add details and clarify the problem by editing this post.

Closed 6 years ago.

Improve this question

i have developed one login form (username,password and submit button) using a MySQL connection through soap webservices in my android application. here i have forget my password means i can't access my account.then how can i access my account.so i have added one textview(forget password???click here).i have completed registration page.registration page have username,password and email.so when i forget my password means click the forget password textview.then it is go to forget password activity.here when i have entered my registered email id means my password is reset and send to my email id.so i know my password now.how can i do.please help me programmatically.

Answer 1

I thing the better way is, you have user current password in your mysql database then just get the user email address and call your web service.

Now from your service search for email address is exist or not if exist then fetch the password and send email from service and on success/failure/ does not exist user return message to you android as response.

You just need call the service from android only no need to change user password the getting the mail and login it using current credential.

Edited

If you do this then call the web service with passing email address search for the email search for checking if exist or not if exist then create dynamic password string and update the password of that user and also send this password to user email address.

Answer 2

You should avoid sending passwords in emails.

Instead you could send the user a token which is set to expire after 10 minutes or so which could be (roughly) implemented by

• Creating a table which logs the forgotten passwords requests (userid, token, requested_on, expires_on).
• When a user requests a password reset, send them an email containing the token logging this to the table.
• Creating a password reset form where the user can enter the token and a new password.
• When the password reset is submitted check the token is valid for the user based on the log.
• If the reset was successful take the user to the login form.