From: "Matt Schroebel" <[EMAIL PROTECTED]>
>
> 1. Make up a random new password, PASSWORD() it, save it to the db while
> also setting the password expiration date to 20 minutes in the future,
> and setting a 'must change password flag', and mail the un-encrypted
> password along with a link to ch
Thank you! These are some great ideas.
Sam
"Brad Bonkoski" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> Typically in these systems you do not send them their password
un-encrypted if
> they lose it because like you said, it is one way. Normally, you collect
> certain information
1. Make up a random new password, PASSWORD() it, save it to the db while
also setting the password expiration date to 20 minutes in the future,
and setting a 'must change password flag', and mail the un-encrypted
password along with a link to change it.
2. Each time the visitor signons, check the
mysql has ENCRYPT() which will do the job
Peter
-Original Message-
From: Sam Folk-Williams [mailto:[EMAIL PROTECTED]
Sent: 28 July 2003 21:05
To: [EMAIL PROTECTED]
Subject: [PHP-DB] un-encrypting passwords
Hi,
I've got a PHP/MySQL site that uses a simple user table to check for a valid
Typically in these systems you do not send them their password un-encrypted if
they lose it because like you said, it is one way. Normally, you collect
certain information to validate them, and then generate a new password to email
them, so they can get it and once again reset their password if th
