Jump to content

Archived

This topic is now archived and is closed to further replies.

extrovertive

Sending a user forgotten password

Recommended Posts

K, I have a table with userid, email, and their password. Their password are encrypted using MD5. In my login page, there's a link for "Forgot password?"

Now, since the password is based on a 1-way hash encrpytion in the database, how will I send them their password should they forget it?

Share this post


Link to post
Share on other sites
you will have to change their password to something that is known, then set it to the new value (encrypted) in the database, then email the user thier new password.

Share this post


Link to post
Share on other sites
I know I can that - randomly generate them a new password - but that's just reseting their password.

I know want to send them their original password. Anyway around this with md5?

Share this post


Link to post
Share on other sites
What i would do is create a new password, using a random function (rand on php.net)

Send them that, and tell them to change it in the control panel or something

md5 is one way encryption for a reason.

Share this post


Link to post
Share on other sites
[quote]1-way hash encrpytion[/quote]

You answered your own question...1-way means it can't be unencrypted...you can only encrypt a string with the same method and see if they match.

Share this post


Link to post
Share on other sites
k, guess I'll have them reset the password.

What if I had stored their password using sha1? Is there a encryption-decryption algorithm?

Share this post


Link to post
Share on other sites
sha-1 is one way encryption too. There are encryption/decrption functions in PHP. However you can encode/decode strings with base64_encode/base64_decode however these are not secure. The only way to reset the users password is to create a random password generator which will generate a random password for them, or get them to reset the password.

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.