Set Up a New Password (step 2)

A user should reach this page only from the link sent to their mailbox. The link also carries a temporary token and the customer number.
This page is not displayed to users who are already logged in (who have a session cookie); they are redirected to the portal page.
The page URL is Domain/PasswordRecovery_Step2. The HTML is flex (responsive) for any mobile device / browser viewport size.

Web Page Structure

Body id: Password_Recovery3 (use this id for custom CSS and JS)
Page Prefix / SMS / Email Templates: Password_Recovery_Page_Step2 (edit this key in Website Content)
Fields List: Password, Confirm Password, Security code (from phone)
You can add a title and logo to the window...

Email link was clicked

The link must contain 2 parameters: 'c' and 'token'.
  1. The process stops on any failure, but it returns 'No Page' (in order to deceive attackers). Only in a few cases does the end user get a friendly message.
  2. The WAF checks that the link's parameters are valid and the overall number of calls from the user's IP address.
  3. The client record is loaded to compare the link's token with [hyp_Clients Website Ext. Record].[EMail Token] and to check that [EMail Token at UTC] is UP TO 1 hour old.
  4. Generate the HTML form link shown in the screenshot above and log this transaction.

"Save New Password" (submit) Button

The following actions take place when data is posted to this form. The process stops on a failure, with a message to the end user.

  1. Check that the form was posted from an HTML page generated by this site. The WAF checks the number of calls from the user's IP address.
  2. Check that all mandatory fields were filled in.
  3. The new password must be at least 8 characters long and contain 2 digits and 3 letters.
    When using ONLY English characters, it is mandatory to combine uppercase and lowercase letters.
  4. Check that [Confirm Password] is identical to the [Password] field (case sensitive).
  5. Check that [Security code] is identical to the [hyp_Clients Website Ext. Record].[Phone Token] field (NOT case sensitive).
  6. The following fields are updated on table [hyp_Clients Website Ext. Record]:
    1. [Last Password Change] is set to NOW.
    2. [EMail Verification Status] and [Phone Verification Status] both get the 'Verified' value!
    3. [Portal Password] gets the new password, encrypted and encoded.
  7. If all steps succeed, the user is routed back to the Login page.
    The transaction is logged and the session is freed, so the login is done from scratch.
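The checks from both procedures above (the token-and-expiry test of the "Email link was clicked" step 3, and steps 2 to 5 of the "Save New Password" button), written out as added example code that is not part of this site's implementation. The record dict keys mirror the page's column names and the sample data is constructed; both are assumptions, as is the choice of a constant-time comparison for the tokens.

```python
import hmac
from datetime import datetime, timedelta, timezone

TOKEN_MAX_AGE = timedelta(hours=1)  # [EMail Token at UTC] must be at most 1 hour old

# Constructed sample data; dict keys mirror the page's column names (an assumption).
NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
FRESH_RECORD = {"EMail Token": "t0k3n-abc", "EMail Token at UTC": NOW - timedelta(minutes=30),
                "Phone Token": "A7Q2"}
STALE_RECORD = {**FRESH_RECORD, "EMail Token at UTC": NOW - timedelta(hours=2)}

def link_token_valid(record, token, now):
    """'Email link was clicked' step 3: token matches [EMail Token] and is up to 1 hour old."""
    stored = record.get("EMail Token") or ""
    issued = record.get("EMail Token at UTC")
    if not stored or issued is None:
        return False
    # constant-time compare: response timing must not reveal how many bytes matched
    if not hmac.compare_digest(stored.encode(), token.encode()):
        return False
    return timedelta(0) <= now - issued <= TOKEN_MAX_AGE

def password_policy_errors(pw):
    """Submit step 3: length, 2 digits, 3 letters, mixed case when every letter is English."""
    errors = []
    letters = [c for c in pw if c.isalpha()]
    if len(pw) < 8:
        errors.append("at least 8 characters")
    if sum(c.isdigit() for c in pw) < 2:
        errors.append("at least 2 digits")
    if len(letters) < 3:
        errors.append("at least 3 letters")
    if letters and all(c.isascii() for c in letters) and not (
            any(c.isupper() for c in letters) and any(c.islower() for c in letters)):
        errors.append("combine uppercase and lowercase letters")
    return errors

def submission_errors(record, form):
    """Submit steps 2-5; an empty list means the table update (step 6) may proceed."""
    errors = [f"{f} is mandatory" for f in ("Password", "Confirm Password", "Security code")
              if not form.get(f)]
    if errors:
        return errors
    errors += password_policy_errors(form["Password"])
    if form["Confirm Password"] != form["Password"]:  # case sensitive
        errors.append("Confirm Password does not match Password")
    expected = (record.get("Phone Token") or "").casefold().encode()
    if not hmac.compare_digest(expected, form["Security code"].casefold().encode()):  # NOT case sensitive
        errors.append("Security code is wrong")
    return errors
```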