lost username/password script

[webguync]

I've never actually done a username password,  retrieval script before so need a little help. In the profile form the user is submitting username/password/name/email etc. into a MySQL DB along with a security question and answer. Is it just a matter of creating a form which does a check against the database and sends out an email to the user with their password? The password is hashed with MD5, so how would I send out an un-hashed PW?

 

thanks!

[AbraCadaver]

I've never actually done a username password,  retrieval script before so need a little help. In the profile form the user is submitting username/password/name/email etc. into a MySQL DB along with a security question and answer. Is it just a matter of creating a form which does a check against the database and sends out an email to the user with their password? The password is hashed with MD5, so how would I send out an un-hashed PW?

 

thanks!

 

Hashing is one-way so you can't unhash it.  You would need to generate a new password, update the db and then send them the new password.

[webguync]

thanks, can you give me an idea of how to do this. Never done it before (obviously).

[Maq]

thanks, can you give me an idea of how to do this. Never done it before (obviously).

 

Just Google "php lost password", there are plenty of examples.

[AbraCadaver]

Present a form that asks for the username or email, and when submitted, query the database for the security questions.  Present a form with the security questions, and when submitted, query the db for the answers for the specific user.  If they match then generate some random password, md5 it and update the db.  Then just send them the newly generated (not md5) password.

[webguync]

ok thanks. Looks like Google is s bit help so I will check out those scripts and post if I encounter any problems.