Stephen wrote:
You can't. Well that depends what method you used to create the passwords, but most likely you used a one-way encryption.That's what I'm going to do but how can I pull it from the database to decrypt it, then send it?
How to solve the problem then?
1. User klicks link 'Forgot my password'
2. Generate a one-time password for this user. Do not change the users
ordinary password yet.
3. Send mail to user with the one-time pw. This must be a verified
mailaddress.
4. Let the user enter his login/mailaddress and the one-time pw to
login.
5. Let the user enter a new pw. Then update the dB.
That's one way to do it with reasonable security.
Regards
Joakim
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
