Posted by Andy Pieters on 05/10/05 17:27

Hi

You are doing the right thing storing passwords encrypted!

You may use any of the one way digest like secure hash 1 (sha1) or md5 or a
combination to generate a hash.

In case your user forgets his password, there is no way to reconstruct it.
You need to provide an interface where the user can enter their email and the
script sends a message to the user with a token. Afterwards, this token is
used as one time password to login and change the password.

Regards


Andy

--
Registered Linux User Number 379093
-- --BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/O/>E$ d-(---)>+ s:(+)>: a--(-)>? C++++$(+++) UL++++>++++$ P-(+)>++
L+++>++++$ E---(-)@ W+++>+++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++)
PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+)
e>++++$@ h++(*) r-->++ y--()>++++
-- ---END GEEK CODE BLOCK------
--
Check out these few php utilities that I released
under the GPL2 and that are meant for use with a
php cli binary:

http://www.vlaamse-kern.com/sas/
--

--

• Next in forum: Re: [PHP] how to know whether web server of a remote machine is running or not
• Prev in forum: RE: [PHP] While and echoing HTML
• Thread view: Re: [PHP] Password encryption and password retrieval

[Reply to this message]