Suggestion: limit on password recovery

[ErwinB]

Hello,

I just have a suggestion about the password recovery feature. Actually, whan you want to get a new password, you're set as 'validating' and an e-mail is sent.
The problem is: if the member who asked for a password recovery don't receive the mail or don't follow the instructions, he remain as validating. Actually w have something like 258 records in ibf_validating about this.

So, I suggest, to keep this table clean and for security, to allow the admin to set a limit for the recovery. If the member don't follow the instructions after x days, the account is locked or put back as an active member, and the entry in ibf_validating deleted. Because actually, the admins aren't able to manage this validating case and they are password recovery links still active since a long time - which can be a risk if someone read the mail instead of the account owner.

So I'd like to be able to set a limit to this, if nothing is done after X days, the recovery is cancelled and the validating deleted.

[ref_san_atom]

Because actually, the admins aren't able to manage this validating case and they are password recovery links still active since a long time -

which can be a risk if someone read the mail instead of the account owner

.

Yes, I am worried about these despicable creatures too. These virmins get into other peoples board and do stuffs that they have no right to do. Your feature is very useful and I hope it gets implemented. :)

[Logan]

Good suggestion, I do agree.

[Steve G.]

Good suggestion, +1.

[sunrisecc]

I agree also.