Forgotten Password?

[Wolphie]

I don't really understand how this works.

When somebody clicks on "Forgotten Password" and then enter their e-mail address, in my case is the MD5 hash encryption decrypted and then sent via e-mail? If so how would i decrypt the MD5 hash? If not, what other method is there?

[Orio]

You send them a new password. Then you md5 it and store in the db.

 

Orio.

[Wolphie]

So basically, you reset their password?

 

Generate a new one, send it to them. MD5 encrypt it and then write it to the database?

[Orio]

Exactly

 

Orio.

[Dragen]

in my case is the MD5 hash encryption decrypted and then sent via e-mail?

You can't decrypt md5. It's a one way encryption, but what Orio said is probably the easiest way of doing it, without writing your own hashing function.

[rarebit]

You could build a lookup table or use a pre-built one such as http://www.md5decrypter.com/ or http://www.md5encryption.com/.

 

An extra point is you can add a salt (extra stuff) when doing your hash sum, there's a pretty current thread discussing this at the mo...http://www.phpfreaks.com/forums/index.php/topic,168037.0.html. By using a salt prevents someone from using a 'standard' pre-built lookup table, this would assume someone had access to your password hash table for your sites users.