Some help needed

[Yogiz]

Hi guys,

 

Was wondering if someone could provide me with some guidance as I'm new to php on how to write a password reminder script.

 

At the moment I have username (sha1) password and e-mail stored in mysql database, how do I extract the password from the database when it uses sha hash and e-mail it to the user?

 

Thanks in advance.

 

Yogiz

 

 

[Bauer418]

You don't.  When the user says they lost a password, you generate a random, temporary password and email it to them.  Any other way would be a completely pointless use of a hashing/encryption method.

 

A random password could be generated like this:

- Edited to change something I didn't like about the method I chose the first time.

<?php
function random_password($length=16) {
     $chars = array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9));
     $string = '';
     for ($i = 0; $i < $length; $i++) {
          $string .= $chars[array_rand($chars)];
     }
     return $string;
}
?>

[Yogiz]

Great thanks for that.

 

How do I upload the generated password to the database and then e-mail it to the user?

 

Yogiz

[unsider]

INSERT INTO // database

 

Use mySQL commands to enter the generated pass into database, then retreive the info from DB, and design a little email script.

 

Look for tutorials, you are trying to do some basic stuff, I actually believe I've seen some things you're looking for.

 

If I find some, I'll letcha know.

[Yogiz]

Could someone help in more detail?

[timmy0320]

Same way you registered their password except a little different. Create a Reset Password page, have them enter their username or email and it verifies the email is there (SELECT * FROM table WHERE username = $username) or email then if its present you will run the function as a variable even $newpass=random_password(); posted above and UPDATE table SET password = '$newpass' WHERE username = '$username'