Hi there.
I've got a register and login page that both work fine. On the register page, the password is sent a MySQL database table after it has run through the PASSWORD() function.
I did this as all of my users are family and friends, and I don't want to see their passwords personally.
I have just now discovered that PASSWORD() and MD5 are one way trips, so my plans to set up a "forgotten password" page are on hold.
My server supports mcrypt, and I was wondering if it is possible to use this for such a thing (register, login and decrypt for auto-mail if the passord is forgotten)?
Luckily the site is brand new and only three people have registered, so it's not a major to start over and loose the current passwords.
If this is possible, any good urls explaining the use of the commands (I have had a look at some) would be great.
Thanks
Aaron
I've got a register and login page that both work fine. On the register page, the password is sent a MySQL database table after it has run through the PASSWORD() function.
I did this as all of my users are family and friends, and I don't want to see their passwords personally.
I have just now discovered that PASSWORD() and MD5 are one way trips, so my plans to set up a "forgotten password" page are on hold.
My server supports mcrypt, and I was wondering if it is possible to use this for such a thing (register, login and decrypt for auto-mail if the passord is forgotten)?
Luckily the site is brand new and only three people have registered, so it's not a major to start over and loose the current passwords.
If this is possible, any good urls explaining the use of the commands (I have had a look at some) would be great.
Thanks
Aaron