Page 2 of 2
Posted: Wed Jul 07, 2004 12:27 am
by John Cartwright
Code: Select all
<?
mysql_connect("localhost","usernamehere","passwordhere");
mysql_select_db("yourdatabase";
?>
add that to the top of your script and your ready to go...
also1 I would recommend they verify their birthday, email, and middle name of osmething

...
also2 make suyre that once they recieve their new pw... that they have an option to change their pw to whatever they need
also3 I recommend not using the 10 digit number... but rather a mix of numbers and letters.. something less easy to crack
thats sounds
Posted: Wed Jul 07, 2004 2:30 pm
by fresh
like good advice, I will take it, and thank you for your help on the scripts...

Posted: Fri Jul 09, 2004 5:49 pm
by John Cartwright
evilmonkey wrote:I have to add a comment about md5(). It is very very very easy to hack into. If I have an md5() hash (under 6 characters), I can crack it in under 5 minutes, and I'm not even a hacker, and this stuff doesn't interest me. Don't use it to store super-sensitive data such as credit card info or bank PINs. (PIN: 4 characters, this about how easy it is to brute-force). PHP.net users have suggested a good alrenative:
Code: Select all
$password = strrev(md5(md5(strrev(md5($inputpass)))));
Be sure to use this everywhere on the site.
Good luck!
how do u decrypt it?