The php.net manual

http://ca3.php.net/manual/en/function.md5.php

user note said:

--
Rizwan Kaif
01-Aug-2003 12:58

The md5() function is very useful for Password encryption. Keep in mind that we can not Decrypt it.

--
1) My first question is

After we use md5() to encrypt the password and save it in a database, we cannot decrypt it?

So we cannot decrypt the password and send it to the user if he forgets his password? Is it true?

2) My second question is that

I have seen two approaches to handle password recovery:

a) E-mail it out to the user if he forgets the password. With this approach we must know how to decrypt the encrypted password.

b) E-mail a link to the user with the temporary password checking (encrypted) and let the user reset his password. With this approach we don't need to decrypt the encrypted password.

Which approach do you suggest?

Thanks!

    1) You are correct, you cannot decrypt it after it is stored in the db. You can only encrypt what they put in your form and compare them.

    2) It all depends on your encryption scheme. If you can decrypt the password from your DB, great, but if it is MD5 or something like that, then you pretty much have to have them reset it.
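
Approach (b) from the question, as an added example that is not part of the original posts: a reset link carrying a random single-use token, with login done by hashing the submitted password and comparing it to the stored hash. It uses PHP's password_hash()/password_verify() in place of md5(), because MD5 is fast enough that stored hashes can be guessed offline; the arrays, function names, e-mail address and 15-minute lifetime are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample data: arrays stand in for the users and reset tables.
$users  = ['alice@example.com' => password_hash('old-secret', PASSWORD_DEFAULT)];
$resets = [];

// Login check: hash what the user typed and compare; nothing is decrypted.
function checkLogin(array $users, string $email, string $password): bool
{
    return isset($users[$email]) && password_verify($password, $users[$email]);
}

// Step 1: create a random token for the reset link. Only its SHA-256 digest
// is stored, so a leaked reset table does not yield usable links.
function startReset(array &$resets, string $email, int $ttl = 900): string
{
    $token = bin2hex(random_bytes(32));
    $resets[hash('sha256', $token)] = ['email' => $email, 'expires' => time() + $ttl];
    return $token; // goes into the e-mailed link, never into the database
}

// Step 2: the user follows the link and submits a new password.
function finishReset(array &$users, array &$resets, string $token, string $newPassword): bool
{
    $digest = hash('sha256', $token);
    $row = $resets[$digest] ?? null;
    if ($row === null) {
        return false; // unknown or already used token
    }
    unset($resets[$digest]); // single use; expired rows are dropped as well
    if (time() > $row['expires'] || !isset($users[$row['email']])) {
        return false;
    }
    $users[$row['email']] = password_hash($newPassword, PASSWORD_DEFAULT);
    return true;
}

$token = startReset($resets, 'alice@example.com');
var_dump(finishReset($users, $resets, $token, 'new-secret'));    // first use of the link
var_dump(finishReset($users, $resets, $token, 'other-secret'));  // same link replayed
var_dump(checkLogin($users, 'alice@example.com', 'new-secret'));
var_dump(checkLogin($users, 'alice@example.com', 'old-secret'));
```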
