In my code I am trying to send an email (containing a password) to a user when he has forgotten his password.

The problem is that security leads to needing to encrypt passwords in the database. I'm using the password function within MySQL. Is there any way of reversing the password function() to get the original password to send out to the user?

Or are there any other suggestions in PHP to reverse encryption of passwords? I do understand the principles of encryption and can see the point of irreversible functions, but I'm sure that not all applications reset passwords with randomly generated ones but do send out forgotten passwords.


It's a bit tricky to make it really secure. If your site is vulnerable to serious cracker attacks, better find some in-depth articles.
What I've seen CMS systems do is take a password from a form and put it as MD5($password) in the database. MD5 is irreversible, but when you let people log in you simply compare it like this:


$pwtestOK = FALSE;

// $enteredpassword comes from the login form, $password_in_database from the user's row.
// === is used because loose == can treat two different "0e..." hash strings as equal numbers.
if (md5($enteredpassword) === $password_in_database)
                $pwtestOK = TRUE;

if (!$pwtestOK) { echo 'wrong password'; exit; }



http://nl.php.net/manual/en/function.md5.php






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
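
Added example (not part of either message above): the reply's point that the stored value cannot be reversed, carried through to the forgotten-password case the question asks about. It swaps MD5 for PHP's password_hash()/password_verify() and mails a one-time reset token instead of a password; the in-memory $users array, the function names and the 15-minute token lifetime are assumptions for illustration.

```php
<?php
// Constructed in-memory stand-in for the users table (assumption; a real app uses the database).
$users = [];

// Store only a salted, slow hash. The plaintext is never kept, so it cannot be mailed later.
function register(array &$users, string $email, string $password): void {
    $users[$email] = ['pw_hash' => password_hash($password, PASSWORD_DEFAULT),
                      'reset_hash' => null, 'reset_expires' => 0];
}

// Login: password_verify() re-hashes the entered value with the stored salt and compares.
function login(array $users, string $email, string $entered): bool {
    return isset($users[$email]) && password_verify($entered, $users[$email]['pw_hash']);
}

// Forgotten password: issue a random one-time token to mail instead of the password.
// Only the token's SHA-256 is stored, so a leaked table holds no usable tokens.
function start_reset(array &$users, string $email, int $ttl = 900): ?string {
    if (!isset($users[$email])) return null;
    $token = bin2hex(random_bytes(32));
    $users[$email]['reset_hash'] = hash('sha256', $token);
    $users[$email]['reset_expires'] = time() + $ttl;
    return $token; // goes into the e-mailed reset link
}

// Redeem the token once, before it expires, and set the user's new password.
function finish_reset(array &$users, string $email, string $token, string $new): bool {
    $u = $users[$email] ?? null;
    if ($u === null || $u['reset_hash'] === null || time() > $u['reset_expires']) return false;
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) return false;
    $users[$email]['pw_hash'] = password_hash($new, PASSWORD_DEFAULT);
    $users[$email]['reset_hash'] = null; // single use
    return true;
}

// Walk-through with constructed sample data.
register($users, 'user@example.com', 'old secret');
$token = start_reset($users, 'user@example.com');
var_dump(finish_reset($users, 'user@example.com', 'wrong-token', 'x'));   // guessed token
var_dump(finish_reset($users, 'user@example.com', $token, 'new secret')); // mailed token
var_dump(login($users, 'user@example.com', 'old secret'));                // old password
var_dump(login($users, 'user@example.com', 'new secret'));                // new password
var_dump(finish_reset($users, 'user@example.com', $token, 'again'));      // token reuse
```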


