Wtf? Password Recovery? MD5? Unreversable? !!
View Single Post
02-17-2008, 03:55 PM
Join Date: Nov 2007
Originally Posted by
No. If someone forgets their password, it's better (and the only option) to make a new one.
Exactly. It's very common (this forum does it, for example) to have a 'reset password' function. MD5 is a one-way hash, it can't be reversed. You come up with a decent algorithm to create a perfectly random password, store it in the `user_password` field in the database for that user, and then email it to them. Hopefully, they still have access to that email account (and they alone have access to it), retrieve the new unique password and then login with that. Once logged in, they can reset (and you can then update the users table with) their own password.
I reject your reality, and substitute my own.
View Public Profile
Send a private message to SOCK
Find More Posts by SOCK