Change password without sending emails

pztrn

Hello, I'm hosting a forum in overlay networks which accessible thru more than one IP/domain. Due to inability to ensure valid mail routing (yes, every of this network uses own mail system) I've left mail system essentially unconfigured with default "mail" driver. But how do my users can change their passwords without my interactions with database directly?

sizonov_stas

pztrn But how do my users can change their passwords without my interactions with database directly?

it seems no way.
perhaps email hosting will be the solution. i use zoho btw

pztrn

sizonov_stas It's not a solution, it's a data leakage 🙂 For example how does any mailhosting will send email to @mail.i2p domain for example? You know the answer.

clarkwinkelmann

In Flarum the choice was made to use the password reset feature as the main way of changing password as well. I'd guess this is because it reduces complexity and development time for now.

This method of changing password, that is common in modern web apps, relies on the second factor that is email to prove account ownership and prevent yourself (or a hacker) from locking you out of your account.

To add a standard change password feature, you'll need to write or get an extension written.

This still leaves the question of how you verify the legitimity of users and how do they recover access to their account if they forgot their passwords or get compromised ?