Jump to content

[SOLVED] encrypting/decrypting strings


mike1313

Recommended Posts

So I want to encrypt user passwords on registration but I want to be able to decrypt the same password so if the user loses their password that can run password recovery what is a good function on this or should I create a custom function, since md5 and shai1 are out of the picture here since they are 1 way encryption.

Link to comment
https://forums.phpfreaks.com/topic/83637-solved-encryptingdecrypting-strings/
Share on other sites

A better solution would be that, if a user loses their password, have a script make a new one, md5 it and store it, then email the user the new password. They should have the ability to change it to whatever once they login with the system supplied one.

 

PhREEEk

An after-thought... you want to ensure against malicious password resets, so the process should be:

 

1. User requests a password reset

2. System emails the account on record with an auth code for the password reset.

3. User retrieves email, and responds to the auth code challenge.

4. System generates a new password, and stores it md5'd.

5. New email sent to account on record with the new password.

6. User logs in with the temporary password and changes password to whatever they want from their profile page.

 

PhREEEk

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.