Changing member passwords

LordRogaine

I'm creating a site where there is a member login. I am using the following script to create a random encrypted password.

function makeRandomPassword() {
$salt = "abchefghjkmnpqrstuvwxyz0123456789";
srand((double)microtime()*1000000);
$i = 0;
while ($i <= 7) {
$num = rand() % 33;
$tmp = substr($salt, $num, 1);
$pass = $pass . $tmp;
$i++;
}
return $pass;
}
$random_password = makeRandomPassword();
$db_password=md5($random_password);

How can I make it so that the members can change their own password to something else after they made their initial login with the random password?

flameche

Add a field to your database store either the original password, or flag that says that the user's password is to be changed or even better, an expiration date.

if either original password and current password are the same, or is the flag is up or the expiration time is before now, you ask the user to change their password.

LordRogaine

I'm a newbie and confused. Flags? Anyway, I have an html form for the member to fill out. In this form he would put his old password(which he doesn't want) and then would put in his new password. How would I replace the passwords in the database?

flameche

A flag a is a boolean value that is eiter up or down, 0 or 1. So if you add a field in your database password state to specify the status of your password.

LordRogaine

thankyou for your reply, but this still doesn't tell me how to let the user change the password to one of his own choosing. What script would I use?