How should I create the admin account in my authorization system?

Bijan

The question seems to be very simple, but it's haunting me for a while. I created an authorization system that you can define users in it. Ok, now that we have this system, the first time that a person wants to install my script on his server, he should also have a default admin account as the first account in his program. I'm using several tables for this script and I'm keeping their structure in a normal text file that later my client can copy and paste them into mysql and have his tables created. But what about this admin account? Should I also keep it as a mysql command in that same file that when he runs the queries for creating his tables, he get an admin account too? Another thing is that I'm MD5 ing my passwords and I'm using a salt for each password too. So, if I tell the user that here it's your admin password, and because he can see the MD5 version too, don't we have the possibility that he figures out the salt or something?

cyclops

It is totally useless to present the user the salted and MD5'ed string...

I think the best way is :

Let the user create a password, salt and MD5 it, save this string in your system, and have the user remember the password (duh...)
When checking the password, salt and MD5 his/her password, and compare this string to the string you saved earlier in your system.

If the (l)user forgets it, let the script create a new one and have it emailed to his box.

Bijan

Well, it wasn't exactly what I meant. I wanted to know how to create the first account in my system. You know, when you get the script from me and want to install it on your server, you have to have the first account (admin account) too, or you can never make a new account! I wasn't sure whether I should keep the mysql command in the list of all my mysql queries that when you run them, you get your admin account created or not. I asked one of my friends and he said it's just ok, you should do it.

Well, this one is solved I suppose, but now that you said it, let's ask that question too! You said in case a user forgets his password, I should make a new one and send it to his email. Ok, that's fine. But then I have that "Forgot your password?" link in my login page, that anybody can go to and enter a user name and asks for the new password. Of course they can't get that password if they don't have the password of my client's email, but they can keep changing his password and drive him crazy! What I thought is that not only I should ask for the person's user name, but I should also ask for him email. So, if he's the right person, he knows his own email. And then in my app I compare the entered email with the one that he has entered in his account (when he was registering) and only if they match I change the password and send it to that email address. Also if the person who is asking for a new password, enteres a wrong email address, I do NOT notify him and always prompt him a success message. What do you think? Is a good approach or what?