PHP : What happens when user forgets password on site.

[benjamin.morgan]

I am learning PHP right now. I recently watched a video on md5() encryption. If a user forgets there password how do you view there password where you can email it back to them or would this be a script that decodes it and emails it?

 

[Absolution]

You always ask the tricky questions. I am bumping this up for you lol. Maybe thats why many websites reset the password and send the user a newly generated on? (I actually have no clue on the subject)

 

[benjamin.morgan]

Lol, I am just a person trying to learn. I figure personal experiences are the best way. I mean they have to have a script or something to change it or something.

 

[Glenn]

I'd like to know this also.

 

[irrra]

People learn from their mistakes, without exception. I do this))))

 

[DHDdirect]

You can either setup what Absolution mentioned with resetting the password to something random and emailing it off, or you can just set it up to send off the forgotten password via email.

Most websites ask for the account email address and account username. You can go a step further I suppose and have a customer answer a secret question on signup that they can answer to retrieve their password.

 

[benjamin.morgan]

Thanks, Would it be a script that does this?

 

[MarkR]

The whole point of the md5 encryption is that it's meant to be one way and non recoverable (until it was ruined with rainbow tables). You're best off sending the user an email with a link they can use once to reset their password.