mike1313 Posted December 29, 2007 Share Posted December 29, 2007 So I want to encrypt user passwords on registration but I want to be able to decrypt the same password so if the user loses their password that can run password recovery what is a good function on this or should I create a custom function, since md5 and shai1 are out of the picture here since they are 1 way encryption. Link to comment https://forums.phpfreaks.com/topic/83637-solved-encryptingdecrypting-strings/ Share on other sites More sharing options...
PHP_PhREEEk Posted December 29, 2007 Share Posted December 29, 2007 A better solution would be that, if a user loses their password, have a script make a new one, md5 it and store it, then email the user the new password. They should have the ability to change it to whatever once they login with the system supplied one. PhREEEk Link to comment https://forums.phpfreaks.com/topic/83637-solved-encryptingdecrypting-strings/#findComment-425550 Share on other sites More sharing options...
PHP_PhREEEk Posted December 29, 2007 Share Posted December 29, 2007 An after-thought... you want to ensure against malicious password resets, so the process should be: 1. User requests a password reset 2. System emails the account on record with an auth code for the password reset. 3. User retrieves email, and responds to the auth code challenge. 4. System generates a new password, and stores it md5'd. 5. New email sent to account on record with the new password. 6. User logs in with the temporary password and changes password to whatever they want from their profile page. PhREEEk Link to comment https://forums.phpfreaks.com/topic/83637-solved-encryptingdecrypting-strings/#findComment-425554 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.