[SOLVED] Retrieve user password
Moderator: General Moderators
-
tristanlee85
- Forum Contributor
- Posts: 172
- Joined: Fri Dec 19, 2003 7:28 am
[SOLVED] Retrieve user password
When a user registers, the password is encrypted as a MD5 hash. If I user forgets his/her password, I created a form to enter in some creditdentals to retrieve the password, but when I retrieve it, it shows the MD5 hash. How do I get this to the regular password?
-
tristanlee85
- Forum Contributor
- Posts: 172
- Joined: Fri Dec 19, 2003 7:28 am
That's the thing. I mean, this website isn't something that has truely personal information so maybe I don't need to use MD5 anyway...but I'd like to. My problem is I can't get sendmail to work right on my Linux box so I'm not able to send anything.
I guess what I could do was create a link where they enter in their name and e-mail address and their password would update to something different and display on the screen. Like I said, security really isn't an issue, but I just wanted to toy around with the MD5 encryption.
I guess what I could do was create a link where they enter in their name and e-mail address and their password would update to something different and display on the screen. Like I said, security really isn't an issue, but I just wanted to toy around with the MD5 encryption.
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
The problem is most people resuse passwords. So passwords should, for the benefit and security of users, always be stored hashed. I would suggest you create a password "reset" facility or alternate path that they can use to log in.
Although I would suggest getting sendmail or an SMTP mailer such as phpMailer up first as being able to email is slightly important for most web applications.
Although I would suggest getting sendmail or an SMTP mailer such as phpMailer up first as being able to email is slightly important for most web applications.
-
tristanlee85
- Forum Contributor
- Posts: 172
- Joined: Fri Dec 19, 2003 7:28 am
phpMailer was the perfect solution. I got it working perfect now. If they forget their password, they enter in their username and e-mail address and it e-mails a temporary password. Then, once they login, it checks the password to see if it's the temp password or not. If so, they have to create a new one.