Stephen wrote:
That's what I'm going to do but how can I pull it from the database to
decrypt it, then send it?
You can't. Well that depends what method you used to create the passwords, but most likely you used a one-way encryption.

How to solve the problem then?

1. User klicks link 'Forgot my password'
2. Generate a one-time password for this user. Do not change the users
ordinary password yet.
3. Send mail to user with the one-time pw. This must be a verified
4. Let the user enter his login/mailaddress and the one-time pw to
5. Let the user enter a new pw. Then update the dB.

That's one way to do it with reasonable security.


PHP General Mailing List (
To unsubscribe, visit:

Reply via email to