Nov 22, 2006, 14:46 #1
How To Send Password Reminder if it is md5 Protected?
I use the md5 function to protect a password, and it works perfectly when one enters it for log-in. However, what happens if a user forgets their password?
How can they get the human version of their password instead of the existing hash version that sits in the database?
(On edit - Seems my only option is to have a new one generated and sent to their email. Is that correct?)
Nov 22, 2006, 14:51 #2
Yes, that's correct, you need to issue them a new random password. md5 is a one way encryption algorithm and cannot be decrypted.
Saul
Nov 23, 2006, 06:52 #3
php_daemon is right. The whole point of md5 is that it cannot be decrypted. Send users a link to a page that resets their password. DO NOT RESET THE PASSWORD UNTIL THE USER CLICKS A LINK IN THE EMAIL. Otherwise, it means that hackers can randomly enter email addresses, and every user they guess correctly gets their password screwed up. True, the hacker doesn't have the password or access to the account, but it will make the user mad.
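The reset-link flow described in post #3, as an added example that is not part of the original thread: requesting a reset only creates a single-use, expiring token, and the stored password changes only when that token comes back from the emailed link. It is written in Python with in-memory tables; every name, the one-hour lifetime and the salted PBKDF2 hash (used here in place of the thread's md5) are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 3600  # seconds a reset link stays valid (assumed value)


def hash_password(password, salt=None):
    # Assumption: a salted PBKDF2 hash replaces the thread's plain md5.
    salt = salt or secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt + digest


# Constructed in-memory stand-ins for the users and reset-token tables.
users = {"alice@example.com": {"pw": hash_password("old-secret")}}
resets = {}  # sha256(token) -> {"email": ..., "expires": ...}


def check_password(email, password):
    stored = users[email]["pw"]
    return hmac.compare_digest(stored, hash_password(password, stored[:16]))


def request_reset(email, now=None):
    """Create a reset token. The stored password is NOT touched here."""
    now = time.time() if now is None else now
    if email not in users:
        return None  # caller shows the same message either way
    token = secrets.token_urlsafe(32)
    key = hashlib.sha256(token.encode()).hexdigest()
    resets[key] = {"email": email, "expires": now + TOKEN_TTL}
    return token  # goes into the emailed link, never into the database


def complete_reset(token, new_password, now=None):
    """Runs when the user follows the emailed link and submits a password."""
    now = time.time() if now is None else now
    key = hashlib.sha256(token.encode()).hexdigest()
    entry = resets.pop(key, None)  # pop makes the token single-use
    if entry is None or now > entry["expires"]:
        return False
    users[entry["email"]]["pw"] = hash_password(new_password)
    return True
```

Because only the SHA-256 of the token is stored, a read of the reset table does not yield a usable link.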