The slashdot software does something similar to this. Here's something to think about... The point of these steps is to prevent a certain kind of denial-of-service attack.
Thanks for the idea. I just checked in the new code for encrypted passwords, but I'll save your message and consider adding that as well. As I was writing the code, that particular DOS even occurred to me, but I didn't think it was likely enough to justify the extra code and a solution didn't leap immediately to mind--I'm glad to know there is one.
...this email should identify the ip number of the person clicking on 'send a new password'.
Another thing to consider. Thanks. 0