SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Guru
    Join Date
    Mar 2002
    Posts
    608
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How To Send Password Reminder if it is md5 Protected?

    Hello

    I use the md5 function to protect a password, and it works perfectly when one enters it for log-in. However, what happens if a user forgets their password?

    How can they get the human version of their password instead of the existing hash version that sits in the database?

    (On edit - Seems my only option is to have a new one generated and sent to their email. Is that correct?)

    Thank you

  2. #2
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Join Date
    Mar 2006
    Posts
    5,284
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Yes, that's correct, you need to issue them a new random password. md5 is a one way encryption algorithm and cannot be decrypted.
    Saul

  3. #3
    SitePoint Evangelist superuser2's Avatar
    Join Date
    Aug 2006
    Posts
    598
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    php_daemon is right. The whole point of md5 is that it cannot be decrypted. Send users a link to a page that resets their password. DO NOT RESET THE PASSWORD UNTIL THE USER CLICKS A LINK IN THE EMAIL. Otherwise, it means that hackers can randomly enter email addresses, and every user they guess correctly gets their password screwed up. True, the hacker doesn't have the password or access to the account, but it will make the user mad.

    --superuser2


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •