Posted by Andy Pieters on 05/10/05 17:27
Hi
You are doing the right thing storing passwords encrypted!
You may use any of the one way digest like secure hash 1 (sha1) or md5 or a
combination to generate a hash.
In case your user forgets his password, there is no way to reconstruct it.
You need to provide an interface where the user can enter their email and the
script sends a message to the user with a token. Afterwards, this token is
used as one time password to login and change the password.
Regards
Andy
--
Registered Linux User Number 379093
-- --BEGIN GEEK CODE BLOCK-----
Version: 3.1
GAT/O/>E$ d-(---)>+ s:(+)>: a--(-)>? C++++$(+++) UL++++>++++$ P-(+)>++
L+++>++++$ E---(-)@ W+++>+++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++)
PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+)
e>++++$@ h++(*) r-->++ y--()>++++
-- ---END GEEK CODE BLOCK------
--
Check out these few php utilities that I released
under the GPL2 and that are meant for use with a
php cli binary:
http://www.vlaamse-kern.com/sas/
--
--
[Back to original message]
|