Kero, I have a suggestion.
If a user asks for a password reset, as you did, you have a temporary password that doesn't get saved unless he uses it.
On the other hand, if he still uses his old password to log in (meaning the reset was someone playing a prank on him), I suggest we
should delete the temporary password.
I also found that Facebook uses a somewhat weird hack to test the number of wrong password/email trials.
The idea is that when you first load the login page you pass a trial-number parameter, which is initially zero, and every time wrong credentials
are given you increment this param as you re-pass it, and you perform a check on this param to see if it is more than 5, for example; by then
you can display a suitable option. It's too much of a hassle, I know, so you can just ignore it.
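The temporary-password suggestion above, sketched as an added example that is not part of the original message or the project's code: the `Account` class, its field names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import secrets


def _hash(password: str, salt: bytes) -> bytes:
    # Assumed hashing scheme for the sketch; the project's real scheme is not shown on the page.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical account record holding one real and one pending password."""

    def __init__(self, password: str):
        self.salt = os.urandom(16)
        self.pw_hash = _hash(password, self.salt)
        self.temp_hash = None  # pending temporary password, not yet saved as the real one

    def request_reset(self) -> str:
        # Issue a temporary password; it stays pending until it is actually used.
        temp = secrets.token_urlsafe(12)
        self.temp_hash = _hash(temp, self.salt)
        return temp  # in the real flow this would be sent to the user

    def login(self, password: str) -> bool:
        candidate = _hash(password, self.salt)
        if hmac.compare_digest(candidate, self.pw_hash):
            # The owner still knows the old password, so the reset was not his:
            # delete the pending temporary password.
            self.temp_hash = None
            return True
        if self.temp_hash is not None and hmac.compare_digest(candidate, self.temp_hash):
            # The temporary password was used: only now does it replace the old one.
            self.pw_hash, self.temp_hash = self.temp_hash, None
            return True
        return False
```
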