SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Member
    Join Date
    Jun 2011
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Random string generation

    is there any way that i can generate random string from user password and regenerate a password from that random string when a user forgot his/her password in php other than using .MD5?

  2. #2
    SitePoint Wizard bronze trophy chris.upjohn's Avatar
    Join Date
    Apr 2010
    Location
    Melbourne, AU
    Posts
    2,191
    Mentioned
    17 Post(s)
    Tagged
    1 Thread(s)

  3. #3
    From Italy with love silver trophybronze trophy
    guido2004's Avatar
    Join Date
    Sep 2004
    Posts
    9,500
    Mentioned
    163 Post(s)
    Tagged
    4 Thread(s)
    When you use MD5, you can't regenerate the password from the MD5-ed password.
    And that's how it should be.

    If a user forgets his password, send him a mail (to his registered email address) with a new random password or a link where he can set a new password.

  4. #4
    rajug.replace('Raju Gautam'); bronze trophy Raju Gautam's Avatar
    Join Date
    Oct 2006
    Location
    Kathmandu, Nepal
    Posts
    4,013
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Do you mean you want two way encrypted strings? If I have understood correctly, for passwords I don't think that would be good idea. I would recommend using hd5, sha1 functions for password things. You can allow them to reset passwords if they forgot their password. If you really want to two way general string then you can use base64_encode/decode functions.
    Mistakes are proof that you are trying.....
    ------------------------------------------------------------------------
    PSD to HTML - SlicingArt.com | Personal Blog | ZCE - PHP 5

  5. #5
    SitePoint Wizard bronze trophy Immerse's Avatar
    Join Date
    Mar 2006
    Location
    Netherlands
    Posts
    1,661
    Mentioned
    7 Post(s)
    Tagged
    1 Thread(s)
    Quote Originally Posted by Samila View Post
    is there any way that i can generate random string from user password and regenerate a password from that random string when a user forgot his/her password in php other than using .MD5?
    As others have said, don't do that. It's no more secure than storing the passwords in plain text.

    As Guido suggests, it's much better to send them a link where they can set a new password. Make sure the link can only be used once, and make it timeout after a while. E.g. at work, we time the link out after 3 hours (although I'd much prefer to do so after only 15 minutes).


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •