Quote:
Originally posted by hyper
well here is the deal
im writing the script so when they signup they choose their own password, but if they lose their password it generates one randomly.
So Then I wanted to Display the generated password and let them change it to something else ..
but i will just let them change it , by typing in a new password , then updating the table .. just like it did when they signed up
|
generate the new pass.. encrypt in with a one-way algorithm, put it in the database, and also email it to them (or display it on the page or whatever) .. there you have it, you have given them the new pass and its also one-way encrypted in the database.. they now need to enter the new pass to be able to change it to something else..
thats the common way of doing it
...or during the reset process, you can have them choose what pass to reset it to..