Lost password?....retrieve back the password


Anonymous

Guest
How am I supposed to retrieve the password when a user has lost his/her password and I want to retrieve it and send it to their email? How am I supposed to write this code? I'm facing this difficulty, can anyone teach me and give me some idea of it?
 
It depends how you've stored the password.

Normally (probably) the password is stored in a database, but it has been encrypted using md5(). In this case, you can't get the password back. What you'd have to do is to automatically generate a password, send it, encrypt it with md5(), then store it. You can then let the user change the password again.

If it's just stored as is in the database or whatever, it's pretty simple to pull it out and send it to the associated email. Normally though, it isn't the best idea to keep it just as it is in the database, as it is pretty simple for someone who's not that trustworthy to go grabbing everyone's passwords and then screw everything up.

Will
 
A method that I have found effective is to generate a random string and email that string as a link to the user. When they click on the link they can change the password. I make it so the link only remains active for 1 hour then expires. It's the same concept Nextel uses for their password resets.
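
The expiring-link method described in the post above, as an added example that is not part of the original thread. The function names, the `$resets` and `$users` arrays (stand-ins for database tables) and the sample address are assumptions, and it stores the new password with PHP's `password_hash()` rather than the `md5()` mentioned earlier in the thread.

```php
<?php
// Added example. $resets stands in for a password_resets table and $users
// for the users table (both assumptions; constructed in-memory data).
const RESET_TTL = 3600; // the link stays active for 1 hour, as in the post

function issue_reset_token(array &$resets, string $email, int $now): string
{
    $token = bin2hex(random_bytes(32));          // 256 bits from the CSPRNG
    $resets[$email] = [
        'token_hash' => hash('sha256', $token),  // store only a hash of the token
        'expires'    => $now + RESET_TTL,
    ];
    return $token; // emailed to the user inside the reset link
}

function redeem_reset_token(array &$resets, array &$users, string $email,
                            string $token, string $newPassword, int $now): bool
{
    $row = $resets[$email] ?? null;
    if ($row === null) {
        return false;                            // no pending reset for this account
    }
    if ($now > $row['expires']) {
        unset($resets[$email]);                  // expired: discard the request
        return false;
    }
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;                            // wrong token, constant-time compare
    }
    unset($resets[$email]);                      // single use
    $users[$email] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

// Constructed demo: wrong token, valid token, replay, then an expired token.
$email  = 'alice@example.com';
$users  = [$email => password_hash('old password', PASSWORD_DEFAULT)];
$resets = [];
$t0     = 1700000000;
$token  = issue_reset_token($resets, $email, $t0);
var_dump(redeem_reset_token($resets, $users, $email, 'guess', 'x', $t0 + 60));
var_dump(redeem_reset_token($resets, $users, $email, $token, 'new passphrase', $t0 + 600));
var_dump(redeem_reset_token($resets, $users, $email, $token, 'again', $t0 + 700));
$late = issue_reset_token($resets, $email, $t0);
var_dump(redeem_reset_token($resets, $users, $email, $late, 'too late', $t0 + RESET_TTL + 1));
var_dump(password_verify('new passphrase', $users[$email]));
```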
 
Redcircle said:
A method that I have found effective is to generate a random string and email that string as a link to the user. When they click on the link they can change the password. I make it so the link only remains active for 1 hour then expires. It's the same concept Nextel uses for their password resets.

What would you say is the best to use: to make a random password and email the user (then they can just change their password again), or your way of sending them a link where they can change their pass and then it expires?
 
I'd say that both methods are pretty much equivalent in terms of security. But it occurs to me that if you reset the user's password, the first thing they're going to do is change it to something they can remember. So maybe letting them change it outright is less trouble for the user.
 
swirlee said:
So maybe letting them change it outright is less trouble for the user.

Very true, thanks for the post. Why does no one post in the hack php? I just want to find out some security tips.
 
Well, probably because there is a very limited number of people in the world who have actual web site cracking skills and who are interested in doing a security consultation on your site for free, and no such people have stumbled across your post so far.
 
Interesting thing I read some time ago....

User name:`a`=a or 0=0

Password doesn't matter....
It means that what you send to the SQL server is an expression which is known beforehand to return true.....
 