This doesn't seem to solve his problem of encryption, however. If you really
want secure encryption, you'll be using one-way encryption, which means it
cannot be decoded/decrypted/unencrypted/whatever. If you want to use this
method, then instead of sending them their password, it would be best to
create a NEW password, send it via e-mail, then encrypt and store the new
password in the database, overwriting the old one.
If you only want mild security on the passwords, you can always use some
encode() and decode() like base64 encoding/decoding. It's not really
"security" but it might discourage some script kiddies or hacker wannabes.
Or you can be a little more creative and create your own password
encryption/decryption, which would be a bit harder to break, depending on
the level of complexity of the algorithm.
- Jonathan
"Russ Michell" <[EMAIL PROTECTED]> wrote in message
news:SIMEON.10108311759.J@k1c. anglia.ac.uk...
> Have a registration screen that inserts their names, email etc *and* their
choice of username +
> password:
>
> $sql = "INSERT INTO <table> (username,realname,password,email) VALUES
> ('$username',$realname',password('$password'),'$email')";
> $result = mysql_query($sql,$connect);
>
> //and do a check if the username chosen exists already:
>
> $chksql = "SELECT username FROM <table> WHERE username='$username'";
> $chkresult = mysql_query($chksql,$connect);
> $check = mysql_num_rows($chkresult);
> if ($check == 0)
> echo "this username already exists, select another.";
> }
> else {
> echo "continue!";
> }
>
> if they have fogotton their password after registering, then have a link
that sets a variable, and
> check or this variable at the top of the page:
>
> <a href=\"$PHP_SELF?id=lostpassword\">go here to retrieve lost
password</a>
>
> if '$id' is set then have the user input their password and email address
(the one they registered
> with) and query the database for a username on the basis of the inputted
info, and email it using
> mail() to that email address!
>
> Use the same method for a lost username, they can then input their
password and email and the
> system will mail them the lost details!
>
> Good luck!
> Russ
>
> On Fri, 31 Aug 2001 10:38:53 -0500 Jeff Oien <[EMAIL PROTECTED]> wrote:
>
> > I would like users to be able to request to have their password
> > sent to their email address if they forget it. I would also like it
> > encrypted in the database though. How is this best handled?
> >
> > The security isn't real important. But I let users choose their
> > own password and if they use a password they use for other
> > things I think it would be best for it to be encrypted.
> > Jeff Oien
> >
> > --
> > PHP Database Mailing List (http://www.php.net/)
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> >
>
> #-------------------------------------------------------#
>
> "Believe nothing - consider everything"
>
> Russ Michell
> Anglia Polytechnic University Webteam
> Room 1C 'The Eastings' East Road, Cambridge
>
> e: [EMAIL PROTECTED]
> w: www.apu.ac.uk/webteam
> t: +44 (0)1223 363271 x 2331
>
> www.theruss.com
>
> #-------------------------------------------------------#
>
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
