Project Scope of Work:
1. Identify why and resolve problem(s) that are preventing registered customers from having their password emailed to them. The following message is currently being displayed: "Error: The e-mail address you entered was not found in our records. Please try again."
2. Write secure php and mysql code to allow registered customers to reset their password. This functionality must also send a confirmation email to the customer (whose email address must match the address contained in our database), who must click on a link within 24 hours to authenticate they in fact want to change their password. If the link is not clicked within 24 hours, the link will expire. If they do click on the link within the aforementioned specified period of time, they will be sent a temporary password. Once logged in with the temporary password, they must be forced to change their password; this will require the script to transition from http to https to [url removed, login to view] where the following fields currently exist: Current Password; New Password; Confirm New Password.
3. Send an email to up to 2 system administrators each time a customer requests a password reset. This email will include the Customers First and Last Name, City, State, Zip Code, Country, Phone, and Email Address.
4. Send an email up to 2 system administrators each time a customer experiences 3 unsuccessful logins. This email will include the Customers First and Last Name, City, State, Zip Code, Country, Phone, and Email Address.
Terms and Conditions:
1. Acceptance of this project also serves as full agreement and acceptance of the following terms and conditions:
(a) Service Provider certifies he/she possesses extensive knowledge and a universally acceptable level of professional experience associated with the following:
* OScommerce (All milestones, MS2.2 in particular)
* Database and web-based application security
2. Service Provider agrees to perform a full and complete backup of Service Buyers entire online store to include all databases, configurations, files, images, etc.
3. Service Buyer reserves the right to cancel this project, held harmless, and not be obligated to making payment for any services provided if:
(a) Service Provider fails to honor the timetable agreed upon for this project.
(b) Service Provider fails to respond to any/all e-mail communication, Instant Messages, and/or GAF messages sent by Service Buyer within 24 hours for each instance.
(c) Service Provider fails to ensure the above referenced customized contribution does not work as it should or as it is intended.
(d) Adversely impacts any functionality, contributions, and/or core code within our online store.
(e) Service Provider misrepresents his/her true professional/technical capabilities.
(f) Service Provider warrants he/she will not install any code, application, scripts, or alterations to pre-existing code that could, will, or would compromise website security.
4. Service Provider acknowledges he/she has adequate computer security in place to prevent the observation of or access to any and all information, files, folders, usernames, passwords, login URL's, etc. associated with or applicable to this project.
5. Service Provider agrees to respond to all support requests made by Service Buyer within 4 hours for a period of 30 days after Service Buyer makes payment for this project. Service Provider furthermore understands and agrees that support includes identifying and resolving any/all issues arising subsequent to the payment.
6. Service Provider agrees to permanently discard and/or destroy all usernames and passwords provided by Service Buyer subsequent to the completion of this project.