password retreival

drag0n

I am building a user login for my portal, but in the past Ive always used "reset my password" and it gets e-mailed to them with a random password, but Im wondering how sites do the "e-mail me my password" where it e-mails them their current password? I thought there was no way to decode md5() or password() so how do they e-mail it to the user?

Rayn

is they email the password then they didnt hash it.

What I have done is send them a link with a hash to a place where they can just change thier password.

The hash would call info from the database like userid, then it would give this user a change password form.. once they submit it the hash will be deleted as to make sure no one can use that link again if the email some how gets out.

rayn