Have a registration screen that inserts their names, email etc *and* their choice of
username +
password:
$sql = INSERT INTO table (username,realname,password,email) VALUES
('$username',$realname',password('$password'),'$email');
$result = mysql_query($sql,$connect);
//and do a check if the
Sorry it should have read:
if ($check != 0)
echo this username already exists, select another.;
}
else {
echo continue!;
}
Cheers.
Russ
On Fri, 31 Aug 2001 17:43:59 +0100 (GMT Daylight Time) Russ Michell
[EMAIL PROTECTED] wrote:
Have a registration screen
Ugh, need to proof-read... Let me repost:
Jeff,
In order to maintain a strong encryption of passwords, you should probably
use an MD5 hash. Unfortunately, this is a one-way street. What I would
suggest doing however, is not actually attempt to give the user their
password, but allow them to
I like the new password idea. How do I make sure it's them who's creating
a new password so that someone else doesn't maliciously change their
password? If someone knew someone's username and e-mail address
I would think they could change it. Thanks.
Jeff
This doesn't seem to solve his problem
Don't let them change it to whatever they want - have your program/system
create a new, random password and e-mail it to the user's account. Unless
the malicious person has a way to intercept the e-mail - which is possible -
it's kind of useless. But how else are you going to get that information
I think you both (Jeff and Jon) misunderstood what I meant... Of course, I
probably didn't explain very well either :-)
I will describe the process again and then address each of your concerns...
- Create a form named lostpass.php or something similar. This form should
take the user's email