jdporter - what would it take to make password resets change from the current (email out the plaintext password) to sending out a password-reset link, in the PerlMonks codebase? Is it as simple as an additional SQL table "password_reset" with columns UID, one_time_key, time_requested, and a page that takes the first two as CGI params, asks for a new password, submitting to a second page that takes those 3 values and updates the database by updating the password and deleting the password_reset row? (The time_requested is so it can be cleaned up periodically)

cavac - how does PageCamel do this?

... Is it as simple as [a bunch of really complicated sounding stuff] ...

Yes? :-D If you can write the code, I'm willing to create the db table(s) you'll need. (And I can help you write the code, wrt interfacing with the framework.)

FWIW I have working and long tested code for the whole process of a safe password reset. (100/day over 9 years)

Still needs to be tested in a second phase, if PM can be migrated to hashed (and longer) passwords.

Cheers Rolf
_{(addicted to the Perl Programming Language :)
see Wikisyntax for the Monastery}

Short version

As pmdev you have access to code search and all documentations and wikis. ¹

You can also install an old everything and play around.

Long version

I've provided you with many links yet to inform yourself and help developing.

While you haven't provided a single patch yet, you are very vocal in criticizing and demanding change here.

I somehow doubt you'll ever "take the bait" and start with (non-vocal) contributions.

Cheers Rolf
_{(addicted to the Perl Programming Language :)
see Wikisyntax for the Monastery}

¹) PmDev Nodelet

This is the sort of negativity that doesn't do any good for anyone. Please refrain.