More Registration Goodies
I’ve revamped the “Forgotten Password” reminder code (the link to which is at the upper left) to make it more secure, mostly to avoid sending passwords through unencrypted email.
It now works in a very similar way to registration. Instead of sending you your actual password (which, by the way, does not exist on the LGF server in a decryptable state), the email address on your account is sent a special code that allows you to visit an LGF page where you can create a new password. For security reasons, the code expires in 48 hours, and only one code can be requested per 48 hours. And the code can only be used to reset your password once.
I probably made it sound more complicated than it is, but I wanted to explain the rationale so that people understand the security issues.
The simple outline of the process: enter your email address, get an email and click the link it contains, enter your new password.
UPDATE: A good tip from Brian Tiemann has led me to change the way usernames are handled—they are no longer case sensitive. As long as your password is correct, you can use any capitalization you like for your username.
The registration module now refuses duplicate usernames, regardless of case.
In a few instances, this required changing a registered lizard’s username. If your name was changed, you’ll receive an email telling you the new name. (Usually, it’s the same as the old name, with the numeral 2 appended to it.)