I like the new password idea. How do I make sure it's them who's creating
a new password so that someone else doesn't maliciously change their
password? If someone knew someone's username and e-mail address
I would think they could change it. Thanks.
Jeff

> This doesn't seem to solve his problem of encryption, however. If you really
> want secure encryption, you'll be using one-way encryption, which means it
> cannot be decoded/decrypted/unencrypted/whatever. If you want to use this
> method, then instead of sending them their password, it would be best to
> create a NEW password, send it via e-mail, then encrypt and store the new
> password in the database, overwriting the old one.
> 
> If you only want mild security on the passwords, you can always use some
> encode() and decode() like base64 encoding/decoding. It's not really
> "security" but it might discourage some script kiddies or hacker wannabes.
> Or you can be a little more creative and create your own password
> encryption/decryption, which would be a bit harder to break, depending on
> the level of complexity of the algorithm.
> 
> - Jonathan
> 
> 
> "Russ Michell" <[EMAIL PROTECTED]> wrote in message
> news:SIMEON.10108311759.J@k1c. anglia.ac.uk...
> > Have a registration screen that inserts their names, email etc *and* their
> > choice of username + password:
> >
> > $sql = "INSERT INTO <table> (username,realname,password,email) VALUES
> > ('$username','$realname',password('$password'),'$email')";
> > $result = mysql_query($sql,$connect);
> >
> > //and do a check if the username chosen exists already:
> >
> > $chksql = "SELECT username FROM <table> WHERE username='$username'";
> > $chkresult = mysql_query($chksql,$connect);
> > $check = mysql_num_rows($chkresult);
> > if ($check > 0) {
> > echo "this username already exists, select another.";
> > }
> > else {
> > echo "continue!";
> > }
> >
> > if they have forgotten their password after registering, then have a link
> > that sets a variable, and check for this variable at the top of the page:
> >
> > <a href=\"$PHP_SELF?id=lostpassword\">go here to retrieve lost password</a>
> >
> > if '$id' is set then have the user input their password and email address
> > (the one they registered with) and query the database for a username on the
> > basis of the inputted info, and email it using mail() to that email address!
> >
> > Use the same method for a lost username, they can then input their
> > password and email and the system will mail them the lost details!
> >
> > Good luck!
> > Russ
> >
> > On Fri, 31 Aug 2001 10:38:53 -0500 Jeff Oien <[EMAIL PROTECTED]> wrote:
> >
> > > I would like users to be able to request to have their password
> > > sent to their email address if they forget it. I would also like it
> > > encrypted in the database though. How is this best handled?
> > >
> > > The security isn't real important. But I let users choose their
> > > own password and if they use a password they use for other
> > > things I think it would be best for it to be encrypted.
> > > Jeff Oien
> > >
> > > --
> > > PHP Database Mailing List (http://www.php.net/)
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > > To contact the list administrators, e-mail: [EMAIL PROTECTED]
> > >
> >
> > #-------------------------------------------------------#
> >
> >   "Believe nothing - consider everything"
> >
> >   Russ Michell
> >   Anglia Polytechnic University Webteam
> >   Room 1C 'The Eastings' East Road, Cambridge
> >
> >   e: [EMAIL PROTECTED]
> >   w: www.apu.ac.uk/webteam
> >   t: +44 (0)1223 363271 x 2331
> >
> >   www.theruss.com
> >
> > #-------------------------------------------------------#
> >
> 
> 
> 
> 
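
One way to handle the question at the top of this message, as an added example that is not code from anyone in the thread: mail a single-use, expiring token to the address on file and change the password only when that token comes back, so knowing a username and e-mail address can trigger a mail but cannot change anything. The table names, function names and in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example: reset tokens instead of e-mailed passwords. Table and
// function names are hypothetical; SQLite in memory stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, pwhash TEXT)');
$db->exec('CREATE TABLE resets (token_hash TEXT PRIMARY KEY, username TEXT, expires INTEGER)');

function register(PDO $db, string $user, string $email, string $password): void {
    // One-way hash; the prepared statement keeps user input out of the SQL text.
    $db->prepare('INSERT INTO users VALUES (?, ?, ?)')
       ->execute([$user, $email, password_hash($password, PASSWORD_DEFAULT)]);
}

// Returns the token to e-mail to the address on file, or null if nothing matches.
// The caller should show the same "check your mail" page in both cases.
function requestReset(PDO $db, string $user, string $email, int $now): ?string {
    $q = $db->prepare('SELECT 1 FROM users WHERE username = ? AND email = ?');
    $q->execute([$user, $email]);
    if (!$q->fetchColumn()) return null;
    $token = bin2hex(random_bytes(32));                 // unguessable, single use
    $db->prepare('INSERT INTO resets VALUES (?, ?, ?)') // store only a hash of it
       ->execute([hash('sha256', $token), $user, $now + 3600]);
    return $token;
}

// The password changes only when the token from the mailbox is presented.
function completeReset(PDO $db, string $token, string $newPassword, int $now): bool {
    $h = hash('sha256', $token);
    $q = $db->prepare('SELECT username FROM resets WHERE token_hash = ? AND expires > ?');
    $q->execute([$h, $now]);
    $user = $q->fetchColumn();
    if ($user === false) return false;                  // unknown, used or expired
    $db->prepare('DELETE FROM resets WHERE token_hash = ?')->execute([$h]);
    $db->prepare('UPDATE users SET pwhash = ? WHERE username = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $user]);
    return true;
}

// Constructed sample data.
register($db, 'jeff', 'jeff@example.com', 'old-secret');
$token = requestReset($db, 'jeff', 'jeff@example.com', time());
var_dump(completeReset($db, 'guessed-token', 'attacker-pw', time())); // no valid token
var_dump(completeReset($db, $token, 'new-secret', time()));           // token from mailbox
var_dump(completeReset($db, $token, 'replayed', time()));             // same token again
```

The old password keeps working until the token is redeemed, so a reset requested by someone else does not lock the real user out.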
