lost password

[Deserteye]

I am trying to make a lost password script but when I try to retrieve the password from the database and send it in an email to the user, it stays encrypted. I am using md5 encryption.. I know that is one way encryption. Any suggesstions?

[Wintergreen]

You'll have to send them an e-mail with an new temporary password as well as change their password in the DB to the new one. Then have them log in and change it

[redarrow]

provide a link near the login username and password when the user press the link ask them for there email address and new password and a retype password from a form and if the eamil matches then update the password with the new one.

[Wintergreen]

The problem with that is that anyone can change anyone else's password just by knowing their e-mail address

[redarrow]

well the only safe way i can see you doing it is when a user registers then  ask them for a special name and when users lose there passwords then use the specal name to activate there new password then.

[.josh]

you cannot decrypt an md5 password.  all you can do is make a new one and send them the new password. 

as far as anybody being able to reset your password simply by knowing your email: here is what I do, and it may or may not be the best method, as i am no expert:

I have a field called temp_password. it is set to null by default. 

when you request a password reset, the script generates a temporary password and sends it to the email address, along with a "if you did not request this email, please report it or click on this linkie here", or whatever.  it's up to you what you want to do as far as "I didn't request this password change!" situations.  I try to log as many things as possible when a user requests a password change, such as the ip address, etc.. but those things only go so far as reliability.

the login script is then altered to not only check the normal password, but also see if temp_password is null or not, or if the user is trying to login with the temp_password.

if they login with the temp_password, prompt the user to change their password, and reset temp_password to null.

if they login with their old password, simply reset the temp_password to null.  you could also echo a message to the user warning them that (because the temp_password was not null), someone may have tried to reset their password, and give them the option to report it or something, in case they a) no longer have access to their own email, but obviously know their password, or b) haven't checked their email yet, or don't check it very often, so they wouldn't know about it.