Sending a user forgotten password


6 replies to this topic

#1 extrovertive

extrovertive
  • Members
  • Advanced Member
  • 235 posts

Posted 03 August 2006 - 01:08 AM

K, I have a table with userid, email, and their password. Their passwords are encrypted using MD5. In my login page, there's a link for "Forgot password?"

Now, since the password is based on a 1-way hash encryption in the database, how will I send them their password should they forget it?


#2 hitman6003

hitman6003
  • Members
  • Advanced Member
  • 1,807 posts

Posted 03 August 2006 - 01:09 AM

You will have to change their password to something that is known, then set it to the new value (encrypted) in the database, then email the user their new password.

#3 extrovertive

extrovertive
  • Members
  • Advanced Member
  • 235 posts

Posted 03 August 2006 - 01:17 AM

I know I can do that - randomly generate them a new password - but that's just resetting their password.

I now want to send them their original password. Any way around this with md5?

#4 onlyican

onlyican
  • Members
  • Advanced Member
  • 921 posts
  • Location: Hants - UK

Posted 03 August 2006 - 01:17 AM

What I would do is create a new password, using a random function (rand on php.net)

Send them that, and tell them to change it in the control panel or something

md5 is one way encryption for a reason.
Tell me the problem, I will try to tell you the solution

#5 hitman6003

hitman6003
  • Members
  • Advanced Member
  • 1,807 posts

Posted 03 August 2006 - 01:19 AM

1-way hash encryption


You answered your own question...1-way means it can't be unencrypted...you can only encrypt a string with the same method and see if they match.

#6 extrovertive

extrovertive
  • Members
  • Advanced Member
  • 235 posts

Posted 03 August 2006 - 01:26 AM

k, guess I'll have them reset the password.

What if I had stored their password using sha1? Is there an encryption-decryption algorithm?

#7 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • Location: UK, Bournemouth

Posted 03 August 2006 - 11:15 AM

SHA-1 is one way encryption too. There are encryption/decryption functions in PHP. However, you can encode/decode strings with base64_encode/base64_decode; however, these are not secure. The only way to reset the user's password is to create a random password generator which will generate a random password for them, or get them to reset the password.
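
The reset flow the replies describe, as an added PHP example that is not code from any poster in the thread. It swaps MD5 for password_hash()/password_verify() and rand() for random_int(), which are changes from what the thread uses; the in-memory $users array, the must_change field and the function names are assumptions.

```php
<?php
// Added example, not from the thread. $users stands in for the userid/email/password
// table; function names and the must_change field are hypothetical.

// Temporary password from a CSPRNG (random_int), not rand(); look-alike characters omitted.
function generateTempPassword(int $length = 16): string
{
    $alphabet = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
    }
    return $out;
}

// Overwrite the stored hash and return the plaintext once so it can be emailed.
// Returns null for an unknown address, so the caller can show the same
// "check your inbox" message whether or not the account exists.
function resetPassword(array &$users, string $email): ?string
{
    foreach ($users as &$user) {
        if ($user['email'] === $email) {
            $temp = generateTempPassword();
            $user['password'] = password_hash($temp, PASSWORD_DEFAULT); // salted, slow hash
            $user['must_change'] = true; // assumed column: force a change at next login
            return $temp;
        }
    }
    return null;
}

// Login check: hash the submitted value and compare; nothing is ever decrypted.
function checkLogin(array $users, string $email, string $password): bool
{
    foreach ($users as $user) {
        if ($user['email'] === $email) {
            return password_verify($password, $user['password']);
        }
    }
    return false;
}

// Constructed sample data: one account, reset, then checked with the new and old passwords.
$users = [['userid' => 1, 'email' => 'alice@example.com',
           'password' => password_hash('old-secret', PASSWORD_DEFAULT)]];
$temp = resetPassword($users, 'alice@example.com');
var_dump(checkLogin($users, 'alice@example.com', $temp));
var_dump(checkLogin($users, 'alice@example.com', 'old-secret'));
```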



