Thank you! These are some great ideas. Sam "Brad Bonkoski" <bbonkosk@tampabay.rr.com> wrote in message 3F258307.187151F8@tampabay.rr.com">news:3F258307.187151F8@tampabay.rr.com... > Typically in these systems you do not send them their password un-encrypted if > they lose it because like you said, it is one way. Normally, you collect > certain information to validate them, and then generate a new password to email > them, so they can get it and once again reset their password if they so choose, > or you could force them to. > > -Brad > > Sam Folk-Williams wrote: > > > Hi, > > > > I've got a PHP/MySQL site that uses a simple user table to check for a valid > > username/password match when logging someone in. I encrypted the passwords > > using mysql's PASSWORD() function. I now realize that was probably not the > > best choice, because I don't think it's possible to un-encrypt them. I want > > to add a feature that allows users to request to have their password emailed > > to them. > > > > Can anyone recommend a better method for encypting passwords and how to > > unencrypt? (is there a function in PHP for this? Or a different MySQL > > function?) > > > > Thanks, > > > > Sam > > > > -- > > Sam Folk-Williams > > Service Team Leader/Webmaster > > Rise, Inc -- Creative Partnerships South > > (952) 884 8330 (V); (952) 884 8371 (F) > > www.rise.org > > > > -- > > PHP Database Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
