10-29-2007, 10:25 AM
What I normally do is have an additional column on the table, say for example "password_reset_key".
You then set a randomised key (md5(time() . $salt) I normally use) and email that to the user. The user can then change his/her password if it is the official user. If it is not the owner of the account, he/she can simply ignore the forgot-password request and live on with the same user and password credentials.
Note: It's good to throttle the number of requests from a single IP address on the page used to reset the password, as brute force can be done if the password_keys aren't that long...
Find More Posts by bluesaga
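An added example (not bluesaga's code) of the password_reset_key column flow with the per-IP throttle from the note, in PHP. It swaps md5(time() . $salt) for a random_bytes() key and stores only its SHA-256 hash; the in-memory arrays, constants, sample values and function names are assumptions made for illustration.

```php
<?php
// Added example: in-memory arrays stand in for the users table and a throttle store.
const RESET_TTL = 3600;     // assumed: key is valid for one hour
const MAX_ATTEMPTS = 5;     // assumed: attempts allowed per IP per window
const WINDOW = 900;         // assumed: 15-minute throttle window

// Constructed sample row; a real table would hold these as columns.
$users = ['alice@example.test' => ['password_reset_key' => null, 'reset_expires' => 0]];
$attempts = [];             // ip => timestamps of recent attempts on the reset page

// Record one attempt for this IP and report whether it is over the limit.
function throttled(array &$attempts, string $ip, int $now): bool {
    $recent = array_filter($attempts[$ip] ?? [], fn($t) => $t > $now - WINDOW);
    $recent[] = $now;
    $attempts[$ip] = array_values($recent);
    return count($recent) > MAX_ATTEMPTS;
}

// Create a key for the account; the return value goes into the e-mailed link.
function requestReset(array &$users, string $email, int $now): ?string {
    if (!isset($users[$email])) {
        return null;        // caller shows the same page whether or not the account exists
    }
    $key = bin2hex(random_bytes(32));   // 256-bit key from the OS CSPRNG
    // Store only a hash so a leaked table does not expose usable keys.
    $users[$email]['password_reset_key'] = hash('sha256', $key);
    $users[$email]['reset_expires'] = $now + RESET_TTL;
    return $key;
}

// Check a submitted key; true means the caller may set the new password.
function redeemReset(array &$users, array &$attempts, string $email, string $key, string $ip, int $now): bool {
    if (throttled($attempts, $ip, $now)) {
        return false;       // too many guesses from this address
    }
    $row = $users[$email] ?? null;
    if ($row === null || $row['password_reset_key'] === null || $now > $row['reset_expires']) {
        return false;       // no pending request, or the key has expired
    }
    if (!hash_equals($row['password_reset_key'], hash('sha256', $key))) {
        return false;       // constant-time comparison failed
    }
    $users[$email]['password_reset_key'] = null;   // single use
    return true;
}

$now = time();
$key = requestReset($users, 'alice@example.test', $now);
var_dump(redeemReset($users, $attempts, 'alice@example.test', 'guess', '203.0.113.7', $now));
var_dump(redeemReset($users, $attempts, 'alice@example.test', $key, '203.0.113.7', $now));
var_dump(redeemReset($users, $attempts, 'alice@example.test', $key, '203.0.113.7', $now));
```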