AD7six,
> if (!preg_match(VALID_MD5, $password))
> {
> $this->data['Member']['password'] =
> md5($password); } return true;
> }But what if your plaintext password looks like a valid MD5 string? Myself and quite a few friends do this for some logins. If I did that here, then my password would be stored as plaintext in the database and thus I wouldn't be able to login. I guess a simple fix would be to restrict the type of password that can be saved, but that would annoy people like me ;) Lamby -- Chris Lamb, Leamington Spa, UK [EMAIL PROTECTED] WWW: www.chris-lamb.co.uk GPG: 0x634F9A20
signature.asc
Description: PGP signature
