I think you both (Jeff and Jon) misunderstood what I meant... Of course, I
probably didn't explain very well either :-)
I will describe the process again and then address each of your concerns...
- Create a form named lostpass.php or something similar. This form should
take the user's email ad
Don't let them change it to whatever they want - have your program/system
create a new, random password and e-mail it to the user's account. Unless
the malicious person has a way to intercept the e-mail - which is possible -
it's kind of useless. But how else are you going to get that information
I like the new password idea. How do I make sure it's them who's creating
a new password so that someone else doesn't maliciously change their
password? If someone knew someone's username and e-mail address
I would think they could change it. Thanks.
Jeff
> This doesn't seem to solve his problem
Ugh, need to proof-read... Let me repost:
Jeff,
In order to maintain a strong encryption of passwords, you should probably
use an MD5 hash. Unfortunately, this is a one-way street. What I would
suggest doing however, is not actually attempt to give the user their
password, but allow them to c
Jeff,
In order to maintain a strong encryption of passwords, you should probably
use an MD5 hash. Unfortunately, this is a one-way street. What I would
suggest doing however, is not actually attempt to give the user their
password, but allow them to change it.
To do this, you would need to hav
This doesn't seem to solve his problem of encryption, however. If you really
want secure encryption, you'll be using one-way encryption, which means it
cannot be decoded/decrypted/unencrypted/whatever. If you want to use this
method, then instead of sending them their password, it would be best to
Sorry it should have read:
if ($check != 0)
echo "this username already exists, select another.";
}
else {
echo "continue!";
}
Cheers.
Russ
On Fri, 31 Aug 2001 17:43:59 +0100 (GMT Daylight Time) Russ Michell
<[EMAIL PROTECTED]> wrote:
> Have a registration scre
Have a registration screen that inserts their names, email etc *and* their choice of
username +
password:
$sql = "INSERT INTO (username,realname,password,email) VALUES
('$username',$realname',password('$password'),'$email')";
$result = mysql_query($sql,$connect);
//and do a check if the user
