Jeff,

In order to maintain a strong encryption of passwords, you should probably
use an MD5 hash.  Unfortunately, this is a one-way street.  What I would
suggest doing however, is not actually attempt to give the user their
password, but allow them to change it.

To do this, you would need to have some sort of lost password script.  This
would ask for an email address as input (you might also consider allowing a
username input... or both).  The script would then insert a new MD5 hash of
some useful, but meaningless information, such as a timestamp or something
similar...  Of course, you might want to make it a little more difficult
than that for genuine randomness...  It would then email a URL of another
script with this MD5 hash in the URL.  When they go to the URL, you would
check the MD5 hash they provide with the one you stored in the database.  If
it matches, you can let them change their password.

I've never actually done this, but it seems logical and is definitely how
I'd do it given the need...  Cheers!

John Pickett
http://www.bvstudios.com/
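
The flow described in this message, as an added example that is not part of the original post: it swaps the MD5-of-a-timestamp token for one from PHP's `random_bytes`, stores only a SHA-256 hash of it with an expiry, and consumes it on first use. The `password_resets` table, its columns, the function names and the `example.invalid` URL are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical schema for this example (constructed, not from the post).
function reset_schema(PDO $db): void {
    $db->exec('CREATE TABLE password_resets (
        user_id INTEGER PRIMARY KEY, token_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)');
}

// Step 1 (lost-password script): create a token for the account, store only
// its hash, and return the raw token to be placed in the emailed URL.
function issue_reset_token(PDO $db, int $userId, int $ttl = 3600): string {
    $token = bin2hex(random_bytes(32)); // CSPRNG output, not derived from a timestamp
    $stmt = $db->prepare('REPLACE INTO password_resets (user_id, token_hash, expires_at)
                          VALUES (?, ?, ?)');
    $stmt->execute([$userId, hash('sha256', $token), time() + $ttl]);
    return $token;
}

// Step 2 (reset script): hash the token from the URL and look it up.
// Returns the user id when the token is known and unexpired, null otherwise.
// Any matched row is deleted, so a link works at most once.
function redeem_reset_token(PDO $db, string $token): ?int {
    $stmt = $db->prepare('SELECT user_id, expires_at FROM password_resets
                          WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;
    }
    $db->prepare('DELETE FROM password_resets WHERE user_id = ?')
       ->execute([$row['user_id']]);
    return (int)$row['expires_at'] >= time() ? (int)$row['user_id'] : null;
}

// Constructed demo on an in-memory SQLite database; user id 42 is made up.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
reset_schema($db);
$token = issue_reset_token($db, 42);
echo "https://example.invalid/reset.php?token=$token\n";
var_dump(redeem_reset_token($db, $token));  // first use of the emailed link
var_dump(redeem_reset_token($db, $token));  // replay of a consumed token
var_dump(redeem_reset_token($db, 'guess')); // token that was never issued
```

Because only the hash is stored, a copy of the table does not yield working reset links.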


-- 
PHP Database Mailing List (http://www.php.net/)