From: "Matt Schroebel" <[EMAIL PROTECTED]>

> 1. Make up a random new password, PASSWORD() it, save it to the db while
> also setting the password expiration date to 20 minutes in the future,
> and setting a 'must change password flag', and mail the un-encrypted
> password along with a link to change it.

AAAHHH!!! Don't do that. Do that and I'll write a little PHP script that'll
go through and change the password for every user you've got. Sure, they'll
get the password in the email (hope their email address is valid), but can
you imagine the PITA that would be?

Send them a link saying "you've requested to change / retrieve  your
password" with a link to click on. Explain to them that if they did not
request this, they can delete this email and their password will remain
unchanged. Clicking on the link has a unique ID that identifies who the user
is (you set this ID when they request the change/retrieval). Now, since you
know they got the email and they clicked on the link, you can safely assume
it's them (although you could ask a few simple questions) and let them set a
new password. Only then do you update it.

Passwords shouldn't be sent over email, only links to change the password.
The ID is tied to a certain time, so that if after X minutes, the link isn't
clicked, the request times out.

---John Holmes...

PHP Database Mailing List (
To unsubscribe, visit:

Reply via email to