The view "Forgotpassword" was added to the Userpaex module to manage the forgot password function.
The user must add his email address.
When a new hash key is generated, the user receives an email with a link to the form where he can submit his new password. This email also contains the expiration date time of the hash key (and the link). After the user clicks on the link and sets a new password, the hash key is removed from the "forgot password"-table.
The time the hash key remains valid is defined in the mbpaex.ini. The Forgot Password Hash Life Time value is set in seconds and has a default value of 86400 seconds (24 hours)
Only the last hash key generated is valid. For example, when a second hash key is requested without having used the previous one, the previous hash key is removed.