Ugh, need to proof-read... Let me repost:
Jeff,
In order to maintain a strong encryption of passwords, you should probably
use an MD5 hash. Unfortunately, this is a one-way street. What I would
suggest doing however, is not actually attempt to give the user their
password, but allow them to change it.
To do this, you would need to have some sort of lost password script. This
would ask for an email address as input (you might also consider allowing a
username input... or both). The script would then insert a new MD5 hash of
some useful, but meaningless information into the database (same row as
their user information), such as a timestamp or something similar... Of
course, you might want to make it a little more difficult than that for
genuine randomness...
It would then email a URL of another script with this MD5 hash in the URL.
When they go to the URL, you would check the MD5 hash they provide with
the one you stored in the database. If it matches, you can let them change
their password.
I've never actually done this, but it seems logical and is definitely how
I'd do it given the need... Cheers!
--
PHP Database Mailing List (http://www.php.net/)
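
The reset flow described in the message above, as an added example that is not part of the original post: a lost-password step that stores a token on the user's row, and a redeem step that checks the token from the e-mailed URL before allowing a password change. It swaps in `random_bytes()` with a stored SHA-256 hash for the MD5-of-a-timestamp token, and `password_hash()` for MD5 password storage. The table and column names, the one-hour expiry and the example.com URL are assumptions.

```php
<?php
declare(strict_types=1);
// Added example; the schema (users, reset_hash, reset_expires) and the URL
// are assumptions, not taken from the post.

// Lost-password script: store a token hash on the user's row and return
// the raw token to e-mail (null when the address is unknown).
function issueResetToken(PDO $db, string $email, int $now): ?string
{
    $token = bin2hex(random_bytes(32));   // CSPRNG output, not a timestamp
    $stmt = $db->prepare(
        'UPDATE users SET reset_hash = ?, reset_expires = ? WHERE email = ?');
    // Only the hash is stored, so a leaked table yields no usable links.
    $stmt->execute([hash('sha256', $token), $now + 3600, $email]);
    return $stmt->rowCount() === 1 ? $token : null;
}

// Script behind the e-mailed URL: match the token, change the password,
// and clear the token in one UPDATE so the link works only once.
function redeemResetToken(PDO $db, string $token, string $newPassword, int $now): bool
{
    $stmt = $db->prepare(
        'UPDATE users SET password_hash = ?, reset_hash = NULL, reset_expires = NULL
         WHERE reset_hash = ? AND reset_expires >= ?');
    $stmt->execute([password_hash($newPassword, PASSWORD_DEFAULT),
                    hash('sha256', $token), $now]);
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, password_hash TEXT,
           reset_hash TEXT, reset_expires INTEGER)');
$db->exec("INSERT INTO users (email) VALUES ('jeff@example.com')");

$now   = time();
$token = issueResetToken($db, 'jeff@example.com', $now);
echo "https://example.com/reset.php?token=$token\n";

// A wrong token, the right token, then the same token a second time.
var_dump(redeemResetToken($db, 'not-the-token', 'n3w-pass', $now));
var_dump(redeemResetToken($db, $token, 'n3w-pass', $now));
var_dump(redeemResetToken($db, $token, 'n3w-pass', $now));
```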