Forgot Password: Is my code okay? Newbie

php-forum Fan User
Posts: 973
Joined: Mon Oct 01, 2012 12:32 pm

Fri Apr 25, 2014 6:14 pm

Google an MD5 hash. Most of them will return a value instantly. MD5 is not secure and should not be used for anything of any consequence.

Back to the problem at hand, though. What error are you getting, or what is it not doing? Also, you should not allow someone without the password to reset the password. Only give them the option to request a password reset. When requested, email a reset link to the email address you have on file. If you search through this forum, there are good user classes that you can use that demonstrate logins, password resets, 'remember me' checkboxes, etc. I know I've personally posted several.

And don't save the password as an MD5 hash. You need a one-way salted hash, which MD5 is not. What you can do is write a function to generate a salt of length X, then do a sha1 hash of the entered value and the random salt. Tack the salt onto the end of the hash, and save it into your database like that. When someone tries to log in, grab the stored password, pull off the unencrypted salt (because you know the length and it's on the end of the hash generated with it) and run their entry and the hash through the generate code. Compare the result to the stored value and if they entered the same thing, it will match. Never store passwords in plaintext or MD5, and do not save entered details on login attempts.
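
The store-and-verify flow described in the post above, as an added example that is not part of the original post: the salt-appended sha1 scheme as described, next to PHP's built-in `password_hash()`/`password_verify()`, which is a swapped-in alternative the post does not mention. `SALT_LEN` and the function names are assumptions made for illustration.

```php
<?php
// Added example, not code from the forum post. SALT_LEN and all function
// names are hypothetical; sample passwords below are constructed.
const SALT_LEN = 16; // salt length in hex characters ("length X" in the post)

// Scheme as described in the post: sha1(password . salt), with the salt
// appended in clear to the end of the 40-character hex digest.
function make_salted_sha1(string $password, ?string $salt = null): string
{
    if ($salt === null) {
        // random_bytes() is a CSPRNG (PHP 7+); rand()/mt_rand() are not.
        $salt = bin2hex(random_bytes(intdiv(SALT_LEN, 2)));
    }
    return sha1($password . $salt) . $salt;
}

function check_salted_sha1(string $entered, string $stored): bool
{
    if (strlen($stored) !== 40 + SALT_LEN) {
        return false; // malformed record, e.g. an old unsalted hash
    }
    $salt = substr($stored, -SALT_LEN);       // pull the salt off the end
    $candidate = make_salted_sha1($entered, $salt);
    return hash_equals($stored, $candidate);  // constant-time comparison
}

// Same flow with PHP's built-in API (PHP 5.5+): the salt and a deliberately
// slow algorithm are handled internally and encoded in the stored string.
function make_builtin(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_builtin(string $entered, string $stored): bool
{
    return password_verify($entered, $stored);
}

// Constructed sample values, not real credentials.
$legacy = make_salted_sha1('correct horse battery staple');
var_dump(check_salted_sha1('correct horse battery staple', $legacy));
var_dump(check_salted_sha1('wrong guess', $legacy));

$modern = make_builtin('correct horse battery staple');
var_dump(check_builtin('correct horse battery staple', $modern));
var_dump(check_builtin('wrong guess', $modern));
```

Both checks compare in constant time and never store or log the entered value; only the stored string format differs.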
