So I have a user system that stores the users password in a database with md5. I want to make a system so you can request a new password, and one will be sent to your email.
What is the best method of doing this? I know I can just send the person an email to the email they type in with the new password I generate, but then anyone could put in another users email and reset their password.
I could do the secret question thing, but I already have members who wouldn't have one filled out.