Forgot password in login form!

02-28-2012, 12:49 PM
I have coded a registration and login form, including a Forgot Password link if the user has forgotten his password.

I have an issue here... and also want to know something... OK, let me explain: all the users' passwords are hashed by MD5 in the database...

When the user forgets his password, he will insert only his email, then the password will be sent to him by email. But the password is hashed using MD5, so it appears as hashed in the email he gets.

Question: How to make the password readable in the email?

Now, let's come to the second part, I want to know something, if I make the user create a new password, can I do it with the UPDATE query of MySQL? I mean when he will write his new password, this will update the previous password in the database...

Thank you!

02-28-2012, 12:56 PM
Hashing algorithms like MD5 are by nature one-way. You can't un-hash a password, nor would you want to send it plain text through email because email is not secure.

As you said, you'll have to have the user change their password. Using some other means of verification, verify who the user is and then send them a "reset password" link. You can then use an update query to change the password on their account.
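
The reset-link flow described in the reply above, as an added example that is not part of the original thread. It assumes an in-memory SQLite database standing in for MySQL, hypothetical table and function names, and PBKDF2 in place of the MD5 hashing mentioned in the question.

```python
import hashlib, hmac, secrets, sqlite3, time

TOKEN_TTL = 3600  # seconds a reset link stays valid (assumed value)

def make_db():
    # Constructed schema; SQLite stands in for the MySQL database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("CREATE TABLE resets (token_hash TEXT PRIMARY KEY, email TEXT, expires REAL)")
    return db

def hash_password(password, salt):
    # Salted PBKDF2 instead of MD5 (a swap made for this example).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def request_reset(db, email, now=None):
    """Return the token to embed in the emailed link, or None if the email is unknown."""
    now = time.time() if now is None else now
    if db.execute("SELECT 1 FROM users WHERE email = ?", (email,)).fetchone() is None:
        return None  # the page shown to the visitor should be the same either way
    token = secrets.token_urlsafe(32)  # unguessable, sent only by email
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    db.execute("DELETE FROM resets WHERE email = ?", (email,))  # newest link wins
    db.execute("INSERT INTO resets VALUES (?, ?, ?)", (token_hash, email, now + TOKEN_TTL))
    return token

def complete_reset(db, token, new_password, now=None):
    """Check the token, UPDATE the stored hash, and consume the token."""
    now = time.time() if now is None else now
    token_hash = hashlib.sha256(token.encode()).hexdigest()
    row = db.execute("SELECT email, expires FROM resets WHERE token_hash = ?",
                     (token_hash,)).fetchone()
    if row is None or row[1] < now:
        return False  # unknown, superseded, already used, or expired
    salt = secrets.token_bytes(16)
    db.execute("UPDATE users SET salt = ?, pw_hash = ? WHERE email = ?",
               (salt, hash_password(new_password, salt), row[0]))
    db.execute("DELETE FROM resets WHERE token_hash = ?", (token_hash,))  # single use
    db.commit()
    return True

def check_login(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], hash_password(password, row[0]))
```

Only the hash of the token is stored, so a leaked `resets` table does not yield usable links; the same parameterized `UPDATE` works in MySQL with that driver's placeholder style.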

02-28-2012, 01:29 PM
OK then, I will use the method of update password. It's better.