Current security practices believe this is a bad idea. If you could do that then as the person running the site you would be able to get access to all of your users passwords.
The password reset feature is safer. The user pick the password and the system hashes it, that is all that is saved and it is one way (you can't get the original password). Then when they try to log in again the password they enter is hashed the same way and compared to the hash that is saved. If they match they get in, if not well they can always reset. Steve -----Original Message----- From: cfcom [mailto:cf...@aceligent.com] Sent: Friday, May 27, 2011 12:28 PM To: cf-talk Subject: SOT - adding password forgot function to Mura CMS First, sorry for the SOT The current version of MURA does not have a 'forgot password' feature. It only gives the user a 'reset' All the emails/passwords are encrypted in the database Does anyone have a suggestion on how to add a traditional 'forgot password' feature that will query the db and return the info to the user's email address? Thank you for your consideration ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344964 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
