Hi You are doing the right thing storing passwords encrypted!
You may use any of the one way digest like secure hash 1 (sha1) or md5 or a combination to generate a hash. In case your user forgets his password, there is no way to reconstruct it. You need to provide an interface where the user can enter their email and the script sends a message to the user with a token. Afterwards, this token is used as one time password to login and change the password. Regards Andy -- Registered Linux User Number 379093 -- --BEGIN GEEK CODE BLOCK----- Version: 3.1 GAT/O/>E$ d-(---)>+ s:(+)>: a--(-)>? C++++$(+++) UL++++>++++$ P-(+)>++ L+++>++++$ E---(-)@ W+++>+++$ !N@ o? !K? W--(---) !O !M- V-- PS++(+++) PE--(-) Y+ PGP++(+++) t+(++) 5-- X++ R*(+)@ !tv b-() DI(+) D+(+++) G(+) e>++++$@ h++(*) r-->++ y--()>++++ -- ---END GEEK CODE BLOCK------ -- Check out these few php utilities that I released under the GPL2 and that are meant for use with a php cli binary: http://www.vlaamse-kern.com/sas/ -- -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
