[SOLVED] Forgot Password Reminder - MD5?


wwfc_barmy_army

Hello.

 

I've got a field for a password in my database which is encrypted using MD5 when the password is first set, but I would like some kind of password reminder, or reset, although I am unsure how I could go about it. I am aware that MD5 encryption is a one-way thing and cannot be decrypted, so I don't think I'll be able to work with a reminder, but some kind of password reset might work.

 

Any suggestions/examples/pieces of code?

 

Thanks.

 


A few ideas, depending on your preferences on security.

 

Case 1:

Make a secondary table of non-md5ed passwords with one-way encrypted user IDs. Semi-insecure, but it gives you the ability to recover passwords without resetting. (i.e. $q1 = "select UserID from `Main_users` Where Email/Username = '".$_POST['userinput']."'"; then use that id in this secondary table)

 

Case 2:

Don't store it; if the user forgets, you generate a random string, make that the new password and email it to the user. Not great if you have forgetful users, but it is more secure than case 1.

 

Case 3:

Don't use md5; use a salt with a two-way algorithm so they can be recovered. It's more secure than 1, but if your algorithm is cracked you are dead in the water.


If the users are registered with an e-mail you can let the user ask for a password reset, then send an e-mail to the user which holds a "confirmation link" he/she has to click in order for the password to be reset, and finally, if the password reset is confirmed, reset the password to something and mail it to the user:

 

 

1: User clicks "Forgotten password?" and learns about the reset feature.

2: User clicks "Reset my password"

3: You send an e-mail containing a confirmation link to the user's e-mail address

4: User clicks the confirmation link in the e-mail, confirming he wants the password reset (this is to prevent morons from resetting other people's passwords)

5: You receive the confirmation, generate a random 8-character password, md5() encrypt it, store it in your DB and mail the plaintext password to the user

6: User can now login again and set a proper password

 

That's what I would do.
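A concrete implementation of the six steps above, as an added example that is not code from the original thread. The user table and the mailer are simulated with in-memory data (an assumption, so it runs offline); only a SHA-256 hash of the random confirmation token is stored, so a copied database does not yield working links; each link is single-use and time-limited; and password_hash()/password_verify() stand in for md5() for the stored password, which is this example's choice rather than the post's. The class name PasswordReset, its methods, the one-hour expiry and the example.com URLs are invented for illustration. Requires PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

final class PasswordReset
{
    private const TOKEN_TTL = 3600;          // confirmation links expire after one hour (assumption)

    public array $outbox = [];               // stands in for mail(); each entry is [to, body]
    private array $resets = [];              // user id => ['token_hash' => ..., 'expires' => ...]

    /** @param array<string, array{id:int, password_hash:string}> $users keyed by e-mail address */
    public function __construct(private array $users) {}

    // Steps 2 and 3: record a pending reset and "send" the confirmation link.
    public function request(string $email, string $baseUrl): string
    {
        $reply = 'If that address is registered, a confirmation link has been sent.';
        if (!isset($this->users[$email])) {
            return $reply;                   // same reply either way, so the form does not reveal accounts
        }
        $uid   = $this->users[$email]['id'];
        $token = bin2hex(random_bytes(32));  // 256-bit random token from the CSPRNG
        $this->resets[$uid] = [
            'token_hash' => hash('sha256', $token),   // store only a hash: a DB leak is not a live link
            'expires'    => time() + self::TOKEN_TTL,
        ];
        $this->outbox[] = [$email, "Confirm your password reset: {$baseUrl}?uid={$uid}&token={$token}"];
        return $reply;
    }

    // Steps 4 and 5: the link is clicked. Verify the token, then issue a random temporary
    // password, store its hash and "mail" the plaintext. Returns false if the link is invalid.
    public function confirm(int $uid, string $token): bool
    {
        if (!isset($this->resets[$uid])) {
            return false;
        }
        $pending = $this->resets[$uid];
        unset($this->resets[$uid]);          // single use, whether or not verification succeeds
        if (time() > $pending['expires']
            || !hash_equals($pending['token_hash'], hash('sha256', $token))) {
            return false;                    // hash_equals: constant-time compare against the stored hash
        }
        foreach ($this->users as $email => &$user) {
            if ($user['id'] === $uid) {
                $temp = bin2hex(random_bytes(6));      // 12 hex chars in place of the post's 8-char password
                $user['password_hash'] = password_hash($temp, PASSWORD_DEFAULT);
                $user['must_change']   = true;         // step 6: force a proper password at next login
                $this->outbox[] = [$email, "Your temporary password is: {$temp}"];
                return true;
            }
        }
        return false;
    }

    public function login(string $email, string $password): bool
    {
        return isset($this->users[$email])
            && password_verify($password, $this->users[$email]['password_hash']);
    }
}

// Constructed sample data for the walkthrough.
$svc = new PasswordReset([
    'alice@example.com' => ['id' => 1, 'password_hash' => password_hash('old-secret', PASSWORD_DEFAULT)],
]);
$url = 'https://example.com/reset.php';

echo $svc->request('alice@example.com', $url), "\n";
echo $svc->request('nobody@example.com', $url), "\n";      // identical reply, nothing mailed

// Simulate the user clicking the link: pull uid and token out of the "sent" mail.
[$to, $body] = $svc->outbox[0];
parse_str(parse_url(substr($body, strpos($body, 'http')), PHP_URL_QUERY), $q);
var_dump($svc->confirm((int) $q['uid'], 'wrong-token'));   // false, and the request is burned

echo $svc->request('alice@example.com', $url), "\n";       // user asks again
[$to, $body] = $svc->outbox[1];
parse_str(parse_url(substr($body, strpos($body, 'http')), PHP_URL_QUERY), $q);
var_dump($svc->confirm((int) $q['uid'], $q['token']));     // true: temporary password mailed

[$to, $body] = $svc->outbox[2];
$temp = substr($body, strrpos($body, ' ') + 1);
var_dump($svc->login('alice@example.com', $temp));         // true
var_dump($svc->login('alice@example.com', 'old-secret'));  // false: old password is gone
```

Two design points worth noting: the request form answers identically whether or not the address exists, so it cannot be used to enumerate accounts, and the token is consumed on the first confirm attempt, so a guessed or replayed link cannot be retried against the same request.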


Wuhtzu is right.

If you are not worried about #4 above though and want the user to have an immediate password, you could set up the "reset password" form to check the database for the email address of the user and send a random password to that email address. If the user types in an email address that is not in the database, he gets an error message instead.

It is immediate.

It only sends the new password to the email address on file

It encrypts it (md5) and inserts it into the database.

 

The only bad thing, if it is a concern, is that if I knew your email address, I could keep resetting it; but I could not retrieve it, only you could.


My suggestion is, on the forgot-password page, select the user's email from the database, have the script generate a random string, then send this to the user in an email at the end of the script, and allow them to reset the password once the correct random string is entered!



Personally I hate websites where the lost password function returns your original password. This is inherently more insecure than a hashed password, which would not be retrievable.

 

I also dislike the idea of having my normal password stored in one of my emails. If I'm logged in to my email and someone were to read that email, they would have my actual password, rather than a random string that most lost password functions generate.


No matter how it is done, the owner of the email address gets an email if his/her email address is entered in the 'retrieve password' form. The difference is whether the password gets reset immediately or only after he approves the change.

 

What you want the outcome to be is how you need to set up the form. You now have multiple ideas to choose from.

 

1. confirm that he wants password reset first

2. reset password with random string and send it to him

3. send him random string that can be used to reset the password

 

Next step is yours.
