Re: [PHP-DB] Password Question From: Russ Michell (r.j.michell <email protected>)
Date: 08/31/01

Have a registration screen that inserts their names, email etc *and* their choice of username +
password:

$sql = "INSERT INTO <table> (username,realname,password,email) VALUES
('$username',$realname',password('$password'),'$email')";
$result = mysql_query($sql,$connect);

//and do a check if the username chosen exists already:

$chksql = "SELECT username FROM <table> WHERE username='$username'";
$chkresult = mysql_query($chksql,$connect);
$check = mysql_num_rows($chkresult);
if ($check == 0)
        echo "this username already exists, select another.";
        }
else {
        echo "continue!";
}

if they have fogotton their password after registering, then have a link that sets a variable, and
check or this variable at the top of the page:

<a href=\"$PHP_SELF?id=lostpassword\">go here to retrieve lost password</a>

if '$id' is set then have the user input their password and email address (the one they registered
with) and query the database for a username on the basis of the inputted info, and email it using
mail() to that email address!

Use the same method for a lost username, they can then input their password and email and the
system will mail them the lost details!

Good luck!
Russ

On Fri, 31 Aug 2001 10:38:53 -0500 Jeff Oien <jeff <email protected>> wrote:

> I would like users to be able to request to have their password
> sent to their email address if they forget it. I would also like it
> encrypted in the database though. How is this best handled?
>
> The security isn't real important. But I let users choose their
> own password and if they use a password they use for other
> things I think it would be best for it to be encrypted.
> Jeff Oien
>
> --
> PHP Database Mailing List (http://www.php.net/)
> To unsubscribe, e-mail: php-db-unsubscribe <email protected>
> For additional commands, e-mail: php-db-help <email protected>
> To contact the list administrators, e-mail: php-list-admin <email protected>
>

#-------------------------------------------------------#
                                
  "Believe nothing - consider everything"
  
  Russ Michell
  Anglia Polytechnic University Webteam
  Room 1C 'The Eastings' East Road, Cambridge
  
  e: r.j.michell <email protected>
  w: www.apu.ac.uk/webteam
  t: +44 (0)1223 363271 x 2331

  www.theruss.com
                        
#-------------------------------------------------------# 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-db-unsubscribe <email protected>
For additional commands, e-mail: php-db-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>