This is how I'm going to work things. Store the password using PASSWORD() in the table. Allow user to request their forgotten username and/or password. If the password is requested, I will reset the password to a random value and store this in the table using PASSWORD(). The username and/or password will then be emailed to the user. I will also provide a location where the user can change their password once they are authenticated in the members area.
I think this approach allows the password to maintain a certain level of security and give the user the greatest flexibility on maintaining their password. Zach -----Original Message----- From: matt stewart [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 2:19 AM To: 'Zach Curtis'; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP-DB] Decrypting PASSWORD() from MySQL I would go for the "generate new random password" approach - email the new random password to the registered email address, then they can log in using it and reset it to whatever they want. probably easier than using lots of code encrypting and decrypting things? Let me know what you decide on, and if you do enc/decrypt stuff, i'd be interested in seeing the code for a similar thing myself! Matt -----Original Message----- From: Zach Curtis [mailto:[EMAIL PROTECTED]] Sent: 19 December 2001 20:27 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: RE: [PHP-DB] Decrypting PASSWORD() from MySQL Thanks for the suggestions. I guess I can try to: A) Store the password in plaintext if I need to retrieve the password. B) Store the password using PASSWORD() and then generate a new random password if needed, replacing the old password. C) Look into mcrypt, ENCODE()/DECODE(), encipher/decipher Thanks, Zach -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, December 19, 2001 12:56 PM To: Zach Curtis Cc: [EMAIL PROTECTED] Subject: RE: [PHP-DB] Decrypting PASSWORD() from MySQL Yet another example of ted's out-to-lunchness... Use the mcrypt functions on the password... -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/01 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.307 / Virus Database: 168 - Release Date: 11/12/01 -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
