Does anyone have a 'safe' "I forgot my password" script? I utilize vqregister to allow users to sign up, so I have their original email address, and I also have a 'secret word' they've provided.
phpMember just does:

    $result = mysql_fetch_array(mysql_db_query($db_name, "SELECT * FROM $tbl_member WHERE login = '$login'"));

But that doesn't seem safe to me. The input is never sanitized... especially for vqregister, where a user could potentially pick an already used user name who's been deleted - then I just want the last row, but still - isn't it possible to stick a join in there or something? Any ideas on this subject?

Rick
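The lookup quoted above, rewritten with a bound parameter and a newest-row-first ordering, as an added example that is not part of the original post and is not phpMember or vqregister code. The table layout, the hashed secret word, the function names and the sample rows are assumptions, and PDO with an in-memory SQLite database stands in for the MySQL connection so it runs offline.

```php
<?php
// Added example: table and column names are assumed, not phpMember's schema.
$pdo = new PDO('sqlite::memory:');   // in-memory DB so the example runs offline
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE member (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    login TEXT NOT NULL, email TEXT NOT NULL, secret_hash TEXT NOT NULL)');

// Constructed sample data: login "rick" was used, deleted, then registered again.
$ins = $pdo->prepare('INSERT INTO member (login, email, secret_hash) VALUES (?, ?, ?)');
$ins->execute(['rick', 'old@example.com', password_hash('walrus', PASSWORD_DEFAULT)]);
$ins->execute(['rick', 'new@example.com', password_hash('heron', PASSWORD_DEFAULT)]);

// Returns the newest row for $login, or null. The login travels as a bound
// parameter, so quotes or SQL keywords in it are compared as plain text.
function find_member(PDO $pdo, string $login): ?array
{
    $st = $pdo->prepare(
        'SELECT id, email, secret_hash FROM member
          WHERE login = :login ORDER BY id DESC LIMIT 1');
    $st->execute([':login' => $login]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Returns the address to mail a reset link to, or null. The caller should show
// the same message either way so the form does not reveal which logins exist.
function reset_address(PDO $pdo, string $login, string $secretWord): ?string
{
    $row = find_member($pdo, $login);
    if ($row === null || !password_verify($secretWord, $row['secret_hash'])) {
        return null;
    }
    return $row['email'];
}

// Current secret word for the newest "rick" row.
var_dump(reset_address($pdo, 'rick', 'heron'));
// Secret word that belongs to the older, reused login row.
var_dump(reset_address($pdo, 'rick', 'walrus'));
// Login containing quotes: matched literally against the login column.
var_dump(reset_address($pdo, "rick' OR '1'='1", 'heron'));
```

A table name held in a variable, as with $tbl_member in the quoted query, cannot be bound as a parameter; it has to come from fixed configuration rather than from the request.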
