When writing a register.php page do you think it would be best to get php to crete the password and automatically email it to the user when they register or would it be best to allow the member to choose their own password when registering?
If you think one is better than the other can you specify why you think that?
I think it would be much better if the user chooses the password. Everyone can remember their very own password but no one can remember 'xtYcA4n9Ec'.
One of the reasons I never post on any forums using UltraBoard is because I forget my password :)
It agree that it is far better to let the users/members choose their own password.
If security is an issue, just do some basic checks to make sure the password is of a specific length, has both letters and numbers, upper and lower case in it, etc. etc.
heheh, the only time i use the "server generated password" method is if I have to MAKE SURE the user's email address is valid :)
myPHPhost: fact: we run PHP 4.0.2
Many forums generate a password to check the email address is valid, then in the email that is sent to tell the user the password, contains instructions to change it to whatever the user wants.
I don't really like forums that force that, but if fake email addresses is an issue, it would be a good idea.
Thanks for the replies folks. I think i'll set it up to allow members to choose their own passwords. The reason behind it is because when they revisit they'll need to login again to get access to the lastest job posts.
The reason I thought about using PHP to generate the password was to make sure they entered a valid email address but I'll just use PHP to check if it's valid instead.
Thank again folks :D
Is there a way to make PHP check if the email address is real?
I know there is something so that it will check that there is something like:
I think :)
But isn't that they only way to do it?
What they mean is they e-mail the server generated password to the user and they enter it to log on. So the email addy would have to be working for them to recieve the password.
There is a PHP class that checks if an email address is valid. It check to make sure:
1. The address is of the correct form
2. The domain/country code is correct
3. That there is a server out there responding to the domain
I have used it with great success.
ChrRmr , the whole point of authenticating email is to check if it is THEIR address
Do you know the name of that class and how to use it?