-
Notifications
You must be signed in to change notification settings - Fork 146
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use separate password_resets_table for each #51
Comments
Thats good idea thanks. i will add it to the next version. |
P.S. |
Oh.. but why? Maybe there will by any artisan command. |
checkout this PR |
Hesto
added a commit
that referenced
this issue
Jan 8, 2017
Issue #51 : Use separate password_resets_table for each
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This package uses same database table (password_resets) for each guard.
But there is problem using this -
Lets take an example :
There are two types of users
An admin can be a customer and a customer can be an admin. Same person have two different account but with same email address.
Now when that admin user make any password reset request, application will overwrite any existing (this can be himself as customer) request for same email address. This way the tokens gets lost and email link becomes invalid.
The possible solution is to use a separate table for each user type -
admin_password_resets
tableapp/config/auth.php
fileThe text was updated successfully, but these errors were encountered: