As others suggested, use md5 or one of the mhash functions. You can't
retrieve the password, but you shouldn't need to anyway.

When someone loses their password, get rid of their old one and mail them
their randomly created new one. Then just allow them to change it to
whatever they want.

Make sure to tell them to use a valid email address or require a
confirmation, otherwise when people lose their password they can never get
it back.

People tend to email you when they lose their password, so be sure to make
it clear that "once it's gone, it's really gone, and you just have to pick a
new one".

I try to avoid emailing a user with their password with exception to when
they lose it. Then again, there isn't really much of an alternative...
--
Plutarck
Should be working on something...
...but forgot what it was.
"Ashley M. Kirchner" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]...
>
> I'm looking for comments on this one. I'm developing a site that
> will have user logins on it. What's the best way to do this? What to
> store, and how?
>
> - Are people more inclined to use a username when they need to log
> in to something, or would asking for an email (as the userID) be
> better?
>
> - How about storing passwords? All of this info will be stored in
> an MySQL DB. How do admins generally do this type of stuff?
> Encrypt the password stored in the DB, and decrypt it on the fly
> to compare? Store it in plain text? Or store it encrypted,
> and when the user logs in, encrypt that passwd (from the form)
> and compare the strings? (not sure if the latter would work)
>
> - What about sending people passwords through email? Like when
> someone signs up the first time, they supply a passwd. How do
> people feel about sending that login information to the user in
> plain text via email? Or do you?
>
> - What about when the user forgets their login? Just fetch the
> info from DB and mail it out to the (registered) email address?
> Or, generate a new, generic one, mail that one out, and tell the
> user to login and change it again?
>
> Suggestions please.
>
> AMK4
>
> --
> W |
> | I haven't lost my mind; it's backed up on tape somewhere.
> |____________________________________________________________________
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Ashley M. Kirchner <mailto:[EMAIL PROTECTED]> . 303.442.6410 x130
> SysAdmin / Websmith . 800.441.3873 x130
> Photo Craft Laboratories, Inc. . eFax 248.671.0909
> http://www.pcraft.com . 3550 Arapahoe Ave #6
> .................. . . . . Boulder, CO 80303, USA
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> To contact the list administrators, e-mail: [EMAIL PROTECTED]
>
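
The flow discussed in this thread (store only a one-way hash, compare by hashing the submitted password at login, and on a lost password replace the hash with one for a random temporary password that is mailed out), as an added example that is not code from either poster. It uses PHP's `password_hash()` and `password_verify()` in place of the md5/mhash functions named in the reply; the `$users` array standing in for the MySQL table and all function names are assumptions made for illustration.

```php
<?php
// Added illustration: $users stands in for the MySQL table (email => row).
// Function names are hypothetical, not from the thread.
$users = [];

function register_user(array &$users, string $email, string $password): void
{
    // Only the salted one-way hash is stored; the plaintext is never written.
    $users[$email] = [
        'hash'        => password_hash($password, PASSWORD_DEFAULT),
        'must_change' => false,
    ];
}

function check_login(array $users, string $email, string $password): bool
{
    // Unknown accounts are checked against a dummy hash so that both
    // paths perform the same amount of hashing work.
    static $dummy = null;
    $dummy ??= password_hash('placeholder', PASSWORD_DEFAULT);
    $hash = $users[$email]['hash'] ?? $dummy;
    return password_verify($password, $hash) && isset($users[$email]);
}

function reset_password(array &$users, string $email): ?string
{
    if (!isset($users[$email])) {
        return null;
    }
    // The old password cannot be recovered, so a new one is generated
    // from the CSPRNG (12 bytes, 24 hex characters) and the hash replaced.
    $temporary = bin2hex(random_bytes(12));
    $users[$email]['hash']        = password_hash($temporary, PASSWORD_DEFAULT);
    $users[$email]['must_change'] = true;   // force a change at next login
    return $temporary;                      // caller mails this to the registered address
}

// Constructed sample account and a walk through the three steps.
register_user($users, 'user@example.com', 'original-secret');
var_dump(check_login($users, 'user@example.com', 'original-secret'));
$temp = reset_password($users, 'user@example.com');
var_dump(check_login($users, 'user@example.com', 'original-secret'));
var_dump(check_login($users, 'user@example.com', $temp));
var_dump($users['user@example.com']['must_change']);
```

The `must_change` flag is what lets the application require a new password the first time the temporary one is used.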