Jump to content

user's password retrieval


bugzy

Recommended Posts

I have my user's password saved in the database using sha1 so base on my research, it's hard to decode it and there's no way I can show to my users the actual password they have saved once they use my feature "forget password" which will be sent via e-mail.

 

I wonder if is it safe to put the user's ID and sha1 password in the url? The link will be sent via e-mail as what I have said and once they click it, it will be verified via $_GET and then post a new form which will give them an option to put a new password.. I wonder if this will work or there's a security issue on this?

 

Or do you guys have any approach on this?

 

Thanks

Link to comment
Share on other sites

Reset the users password to something you know and send them that.

 

thorpe that was  really a great and simple solution though I wonder where will I get that password? as much as possible I want everything to be automated in php. Will I put a default password value for resetting a password or there will be a list of password? Because if there was a list or a default value? Do you think it is very vulnerable for some kind of sabotaging my website?

Link to comment
Share on other sites

Once the pw is hashed you can say it's impossible for joe average, AKA people like you and me, to get the pawword out. I know sites that can email you your password when you foregt it, not email you a new password.

 

I would guess they have another table with the password in it, I would also guess they don't put it in the members table.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.