Typically in these systems you do not send them their password un-encrypted if they lose it because like you said, it is one way. Normally, you collect certain information to validate them, and then generate a new password to email them, so they can get it and once again reset their password if they so choose, or you could force them to. -Brad Sam Folk-Williams wrote: > Hi, > > I've got a PHP/MySQL site that uses a simple user table to check for a valid > username/password match when logging someone in. I encrypted the passwords > using mysql's PASSWORD() function. I now realize that was probably not the > best choice, because I don't think it's possible to un-encrypt them. I want > to add a feature that allows users to request to have their password emailed > to them. > > Can anyone recommend a better method for encypting passwords and how to > unencrypt? (is there a function in PHP for this? Or a different MySQL > function?) > > Thanks, > > Sam > > -- > Sam Folk-Williams > Service Team Leader/Webmaster > Rise, Inc -- Creative Partnerships South > (952) 884 8330 (V); (952) 884 8371 (F) > www.rise.org > > -- > PHP Database Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
