1) I can't really answer this because it is situation specific. For example, if you encrypt your passwords in your database then it is impossible to get the original password (not impossible but not worth it). Your best bet is to generate a new password for them.
Althoght that is the best solution, IMHO, it still has some security flaws unless properly taken care of. Usually what I like to do when users register I require them to put in a secret question and a valid email. If the user requests a new password I will redirect them to a page where they input their email address and their secret answer and if both of them match the information in the database I email it to their email.
2) Can be done easily by something like this
Code: Select all
<?php
$sql = "SELECT * FROM `mysite_members` ORDER BY `id`";
$result = mysql_query($sql) or die(mysql_error());
while ($row= mysql_fetch_assoc($result))
{
echo 'username: '.$row['username'].'<br>
email: '.$row['email'];
}
?>