First off, you should not be able to see the password because it's just that!
So if the user forgets their password, what you should do is generate them a new temporary login which they then use to set their new password.
A login script needs to process the form information, check the id and the MD5-hashed password against that held in the database and, if they match, let the user in.
The change password script is almost identical except that you require the user to enter both the old and the new password. Only if the old password, when given the MD5 treatment, matches that held in the database, do you accept the new password, give it the MD5 treatment and store it in the database.
Lots of info can be found on http://php.net
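The login, change-password and temporary-login flow described in the post above, as an added example that is not part of the original post. It uses PHP's built-in `password_hash()` / `password_verify()` in place of the MD5 comparison the post describes; the in-memory array standing in for the database table and all function names are assumptions made for illustration.

```php
<?php
// Added example. $users stands in for the database table (assumption):
// id => ['hash' => stored password hash, 'reset' => null or temporary-login record]
$users = [];

function register(array &$users, string $id, string $password): void {
    $users[$id] = ['hash' => password_hash($password, PASSWORD_DEFAULT), 'reset' => null];
}

// Login: verify the submitted password against the stored hash; it is never read back.
function login(array $users, string $id, string $password): bool {
    return isset($users[$id]) && password_verify($password, $users[$id]['hash']);
}

// Change password: the old password must verify before the new one is hashed and stored.
function changePassword(array &$users, string $id, string $old, string $new): bool {
    if (!login($users, $id, $old)) {
        return false;
    }
    $users[$id]['hash'] = password_hash($new, PASSWORD_DEFAULT);
    return true;
}

// Forgotten password: issue a temporary login token; only its hash and expiry are stored.
function issueTemporaryLogin(array &$users, string $id, int $ttl = 900): ?string {
    if (!isset($users[$id])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $users[$id]['reset'] = ['hash' => hash('sha256', $token), 'expires' => time() + $ttl];
    return $token; // delivered to the user out of band, e.g. by e-mail
}

// Redeem the temporary login to set a new password; the token is cleared after use.
function resetPassword(array &$users, string $id, string $token, string $new): bool {
    $reset = $users[$id]['reset'] ?? null;
    if ($reset === null || time() > $reset['expires']
        || !hash_equals($reset['hash'], hash('sha256', $token))) {
        return false;
    }
    $users[$id] = ['hash' => password_hash($new, PASSWORD_DEFAULT), 'reset' => null];
    return true;
}

// Constructed sample data exercising each path.
register($users, 'alice', 'old-secret');
var_dump(changePassword($users, 'alice', 'wrong-guess', 'new-secret'));
var_dump(changePassword($users, 'alice', 'old-secret', 'new-secret'));
$token = issueTemporaryLogin($users, 'alice');
var_dump(resetPassword($users, 'alice', $token, 'fresh-secret'));
var_dump(resetPassword($users, 'alice', $token, 'replayed'));
var_dump(login($users, 'alice', 'fresh-secret'));
```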