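def reset_password():
    """Handle a password-reset request: validate the e-mail, store a reset key, mail the link.

    Builds a one-field form asking for an e-mail address. When the form is
    accepted, a one-time key of the form ``<unix-timestamp>-<uuid>`` is
    written to the matching ``auth_user`` row and a reset link carrying that
    key is e-mailed to the user.

    Relies on names that are not defined in this block and are expected to be
    in scope when it runs (``SQLFORM``, ``Field``, ``IS_EMAIL``, ``IS_IN_DB``,
    ``URL``, ``db``, ``mail``, ``session``).
    """
    # EXP: Import the clock and the UUID helper locally so the action is self-contained.
    import time
    from gluon.utils import web2py_uuid

    # EXP: Create a form that will return "Email Address Unknown" if the email can't be found.
    # NOTE(review): Because of IS_IN_DB, the form tells an anonymous visitor whether an
    # address is registered (account enumeration). Consider dropping that validator and
    # always showing the same "Email sent" message; left as-is here because it changes
    # the user-visible behaviour this form was written to have.
    form = SQLFORM.factory(
        Field('email',
              requires=[IS_EMAIL(error_message='Email Address Unknown'),
                        IS_IN_DB(db, 'auth_user.email',
                                 error_message='Email Address Unknown')]))

    # EXP: If the email address is valid, process a password reset email.
    if form.process().accepted:
        # EXP: Find the user whose email matches the request.
        user = db(db.auth_user.email == form.vars.email).select().first()

        # EXP: The row can disappear between validation and this select; skip quietly then.
        if user is not None:
            # EXP: Generate a one-time key to allow password reset.
            # The numeric prefix is the key's issue time. web2py's stock
            # Auth.reset_password compares it with the current time to expire old
            # keys (24 hours in the stock implementation - confirm for the web2py
            # version in use). The previous hard-coded 100000000000 is a timestamp
            # thousands of years in the future, so keys never expired; smaller
            # constants "broke" because they looked like long-expired keys.
            reset_password_key = str(int(time.time())) + '-' + web2py_uuid()

            # TODO: Find a way to encrypt the key before uploading it to DB that works with
            # web2py's internal password reset system. Until then the key is stored in
            # clear text, so anyone who can read auth_user can use an unexpired key.
            user.update_record(reset_password_key=reset_password_key)

            # EXP: Build the absolute https link that carries the key.
            # NOTE(review): host=True makes web2py take the hostname from the current
            # request, so the link in the e-mail follows whatever Host header the
            # request carried. Pass the site's configured hostname instead of True
            # (confirm how the deployment exposes it).
            reset_url = str(URL('user', 'reset_password',
                                vars=dict(key=reset_password_key),
                                scheme='https', host=True))

            # EXP: Send an email with a password reset link to the entered email address.
            message = ('<html> <h3>Retrieve your password for XXXXXXXX.com</h3> '
                       '<p>Please use the link below to reset your password.</p> '
                       '<p> <a href="' + reset_url + '">Reset Password</a></p> '
                       '<p>If you did not initiate this password reset, please ignore this email.</p> '
                       '</html>')
            # NOTE(review): the result of mail.send() is not checked, so the flash
            # below is shown even when delivery fails.
            mail.send(to=[user.email],
                      subject='Reset your password at XXXXXXXX.com',
                      message=message)

        session.flash = 'Email sent'
        # # TODO: Forward to login page with forward_page variable.

    # NOTE(review): no return statement is visible in this excerpt; a web2py action
    # normally ends with something like `return dict(form=form)` - confirm against
    # the full controller.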