[RESOLVED] Password problem

vertmonkee

I am trying to write a script to send users their password if they have forgotten thiers.

Everything works fine except the retrieval of the actual password.

The password originally goes into the database using the PASSWORD() function but when i try to retrieve it and store it in a variable I can't get it to work.

Here is a simple piece of code where I have tried to do this.

$sql = "SELECT (PASSWORD('password')) FROM users WHERE username = 'vertmonkee'";
$result = mysql_query($sql) or die(mysql_error());
while($row = mysql_fetch_array($result)) {
	extract ($row);
	echo $password;
}

Any help is appreciated.
Thanks

cahva

You cant get the password as it was put because its a hash of the password that goes to database. Its a oneway encryption, just like MD5.

The best thing would be that if people forgot their password, you will send email to the user with a link to reset the password. Then when someone gots the email with reset password link, it will send another email with temporary password that user can change to their likings. Ofcourse you can try to put the password in a way that its reversible(you encrypt it in a different way) but its a security risk.

TobyRT

I agree cahva - it's not worth the risk!

When I created mine, I simply used a flagging system:

Given that my site relates to a paying membership, all usernames (email addresses) must exist inthe database of paying members

Users don't automatically get a login when they join (I'm fixing that at the moment)

When they want to log in for the first time, they must hit 'get/reset password'

This generates a random hash (but substr'd to 8 chars) sets it as their password, and emails it to them at the address they specified. If the address isn't in the database, they get an error (you are not a member or are not using your registered email)

It also sets a 'reset' flag to a value of 1.

The user can then check their email, pick up this random hash (actually based on a timestamp) and enter it as their password. If the email and password are successful, it checks the 'reset' flag.

Because this flag is set to '1' they are redirected to a page asking them to change it.

At this point they simply enter the hash they were given and enter (and confirm) a new password.

If the hash matches, and the two new passwords match, it updates their account and they are logged in with a nice easy to remember password.

vertmonkee

Thanks for the advice.

My site doesn't require people to pay to join but you can never really be too careful with people's personal details.

I have decided to with the idea of reseting their passwords and emailing the new one. Once logged in they will then have the option to change their password to whatever they desire.

TobyRt's suggestion sounds excellent and if ever I create sites that require a little more security then I think something like that will be a must.