
Forgotten password

P: n/a
Hello,

are there any tutorials/guides out there that explain how to handle this
subject?

I was thinking of having a member enter his username and email, after
which I then email him a new password.

Question from my side is if there is a php method to auto generate a
strong password.

Many thanks,
twomt

--
Nemesis War
Online browser based space combat game.
It's free, it's great, you'll love it.
Come join us at http://www.nemesiswar.net/
Dec 29 '07 #1


P: n/a
twomt said:
Hello,

are there any tutorials/guides out there that explain how to handle this
subject?
Google popped up 1.3 Million for "php password reset", so that's a place
to start, at least.
I was thinking of having a member enter his username and email, after
which I then email him a new password.
I normally have them enter just the username, and then silently ship off
the new password to the email address on file.
Question from my side is if there is a php method to auto generate a
strong password.
http://www.php.net/uniqid

Works every single time.

All the best,
~A!

--
Anthony Levensalor
an*****@mypetprogrammer.com

Only two things are infinite, the universe and human stupidity,
and I'm not sure about the former. - Albert Einstein
Dec 29 '07 #2

P: n/a
rf

"twomt" <no******@nemesiswar.net> wrote in message
news:fl**********@aioe.org...
Hello,

are there any tutorials/guides out there that explain how to handle this
subject?

I was thinking of having a member enter his username and email, after
which I then email him a new password.
To where would you email him the new password? What if I enter my email
address, do you email his new password to me?

--
Richard.
Dec 29 '07 #3

P: n/a
rf said:
"twomt" <no******@nemesiswar.net> wrote in message
news:fl**********@aioe.org...
>Hello,

are there any tutorials/guides out there that explain how to handle this
subject?

I was thinking of having a member enter his username and email, after
which I then email him a new password.

To where would you email him the new password? What if I enter my email
address, do you email his new password to me?

--
Richard.

No, that would be stupid. If someone has a password with me, as in an
account at one of my sites, I already have their email in a database. I
mail the new password to that address, and done is done.

~A!

--
Anthony Levensalor
an*****@mypetprogrammer.com

Only two things are infinite, the universe and human stupidity,
and I'm not sure about the former. - Albert Einstein
Dec 29 '07 #4

P: n/a
rf wrote:
"twomt" <no******@nemesiswar.net> wrote in message
news:fl**********@aioe.org...
>Hello,

are there any tutorials/guides out there that explain how to handle this
subject?

I was thinking of having a member enter his username and email, after
which I then email him a new password.

To where would you email him the new password? What if I enter my email
address, do you email his new password to me?

--
Richard.

The username and email have to match what is stored in the db,
if these match the new password would be mailed to that userid.

--
Nemesis War
Online browser based space combat game.
It's free, it's great, you'll love it.
Come join us at http://www.nemesiswar.net/
Dec 30 '07 #5

P: n/a
twomt wrote:
rf wrote:
>"twomt" <no******@nemesiswar.net> wrote in message
news:fl**********@aioe.org...
>>Hello,

are there any tutorials/guides out there that explain how to handle
this subject?

I was thinking of having a member enter his username and email, after
which I then email him a new password.

To where would you email him the new password? What if I enter my
email address, do you email his new password to me?

-- Richard.

The username and email have to match what is stored in the db,
if these match the new password would be mailed to that userid.
What's the sense in making them input their email address? Just send it.

Otherwise you might have someone like me with 3 email addresses I use
regularly and a couple of others occasionally. I don't care which it
goes to - I check them all. But only I can get at any of them, anyway.
And I might not remember which one I used when I signed up.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 30 '07 #6

P: n/a
rf

"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:kv******************************@comcast.com. ..
twomt wrote:
>rf wrote:
>>"twomt" <no******@nemesiswar.net> wrote in message
news:fl**********@aioe.org...
Hello,

are there any tutorials/guides out there that explain how to handle
this subject?

I was thinking of having a member enter his username and email, after
which I then email him a new password.

To where would you email him the new password? What if I enter my email
address, do you email his new password to me?

-- Richard.

The username and email have to match what is stored in the db,
if these match the new password would be mailed to that userid.

What's the sense in making them input their email address? Just send it.

Otherwise you might have someone like me with 3 email addresses I use
regularly and a couple of others occasionally. I don't care which it goes
to - I check them all. But only I can get at any of them, anyway. And I
might not remember which one I used when I signed up.
In many of the places where I have a user-id (ISP, hosting etc) the email
address *is* the user-id. The real question then becomes: why do I need a
separate "member-id" when one of my email addresses identifies me anyway?

--
Richard.
Dec 30 '07 #7

P: n/a
rf wrote:
"Jerry Stuckle" <js*******@attglobal.net> wrote in message
news:kv******************************@comcast.com. ..
>twomt wrote:
>>rf wrote:
"twomt" <no******@nemesiswar.net> wrote in message
news:fl**********@aioe.org...
Hello,
>
are there any tutorials/guides out there that explain how to handle
this subject?
>
I was thinking of having a member enter his username and email, after
which I then email him a new password.
To where would you email him the new password? What if I enter my email
address, do you email his new password to me?

-- Richard.

The username and email have to match what is stored in the db,
if these match the new password would be mailed to that userid.
What's the sense in making them input their email address? Just send it.

Otherwise you might have someone like me with 3 email addresses I use
regularly and a couple of others occasionally. I don't care which it goes
to - I check them all. But only I can get at any of them, anyway. And I
might not remember which one I used when I signed up.

In many of the places where I have a user-id (ISP, hosting etc) the email
address *is* the user-id. The real question then becomes: why do I need a
separate "member-id" when one of my email addresses identifies me anyway?
Maybe to allow your userid to be public yet keep your email private?

That's why I do it on my customers' sites.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 30 '07 #8

P: n/a
On 29 Dec, 13:50, Anthony Levensalor <anth...@mypetprogrammer.com>
wrote:
rf said:
"twomt" <no-re...@nemesiswar.net> wrote in message
news:fl**********@aioe.org...
Hello,
are there any tutorials/guides out there that explain how to handle this
subject?
I was thinking of having a member enter his username and email, after
which I then email him a new password.
To where would you email him the new password? What if I enter my email
address, do you email his new password to me?
--
Richard.

No, that would be stupid. If someone has a password with me, as in an
account at one of my sites, I already have their email in a database. I
mail the new password to that address, and done is done.

~A!

--
Anthony Levensalor
anth...@mypetprogrammer.com

Only two things are infinite, the universe and human stupidity,
and I'm not sure about the former. - Albert Einstein
1) that's inflexible - you are expecting the user to know 2 out of
three facts
2) it provides a way for a third party to carry out a denial of
service attack against your users.

If you look at existing systems the more sensible ones send out a URL
with a single use visa in the query part allowing the user to
access the site without presenting their login credentials.

C.
Dec 30 '07 #9

P: n/a
C. (http://symcbean.blogspot.com/) wrote:
On 29 Dec, 13:50, Anthony Levensalor <anth...@mypetprogrammer.com>
wrote:
>rf said:
>>"twomt" <no-re...@nemesiswar.net> wrote in message
news:fl**********@aioe.org...
Hello,
are there any tutorials/guides out there that explain how to handle this
subject?
I was thinking of having a member enter his username and email, after
which I then email him a new password.
To where would you email him the new password? What if I enter my email
address, do you email his new password to me?
--
Richard.
No, that would be stupid. If someone has a password with me, as in an
account at one of my sites, I already have their email in a database. I
mail the new password to that address, and done is done.

~A!

--
Anthony Levensalor
anth...@mypetprogrammer.com

Only two things are infinite, the universe and human stupidity,
and I'm not sure about the former. - Albert Einstein

1) that's inflexible - you are expecting the user to know 2 out of
three facts
Which is why I only require the user id.
2) it provides a way for a third party to carry out a denial of
service attack against your users.
Not at all. At most the user will get one email per day. The system
won't send it more often than that.
If you look at existing systems the more sensible ones send out a URL
with a single use visa in the query part allowing the user to
access the site without presenting their login credentials.

C.
True. But just sending the password once works, also. Not as secure,
but often times it's secure enough.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================

Dec 30 '07 #10
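
The single-use URL approach and the one-email-per-day limit discussed in the last two posts, as an added PHP example that is not code from any poster in this thread. The class name `ResetTokens`, the in-memory array standing in for a database table, the one-hour lifetime and the `example.test` URL are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: in-memory stand-in for a password_resets table (hypothetical schema).
final class ResetTokens
{
    private const TTL = 3600;        // link lifetime in seconds (assumed value)
    private const THROTTLE = 86400;  // at most one email per user per day, as in the thread

    /** @var array<string, array{hash: string, issued: int, used: bool}> */
    private array $rows = [];

    // Returns the raw token to place in the emailed URL, or null when throttled.
    public function issue(string $userId, int $now): ?string
    {
        $row = $this->rows[$userId] ?? null;
        if ($row !== null && $now - $row['issued'] < self::THROTTLE) {
            return null; // no second email inside the throttle window
        }
        $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
        $this->rows[$userId] = [
            'hash'   => hash('sha256', $token), // only the hash is stored
            'issued' => $now,
            'used'   => false,
        ];
        return $token;
    }

    // Succeeds once for a matching, unexpired token, then marks it as spent.
    public function redeem(string $userId, string $token, int $now): bool
    {
        $row = $this->rows[$userId] ?? null;
        if ($row === null || $row['used'] || $now - $row['issued'] > self::TTL) {
            return false;
        }
        if (!hash_equals($row['hash'], hash('sha256', $token))) {
            return false; // constant-time comparison against the stored hash
        }
        $this->rows[$userId]['used'] = true;
        return true;
    }
}

$store = new ResetTokens();
$t0    = 1700000000;                                   // constructed timestamp
$token = $store->issue('twomt', $t0);                  // mailed to the address on file
$url   = 'https://example.test/reset.php?u=twomt&t=' . $token; // hypothetical URL
var_dump($store->issue('twomt', $t0 + 60));            // second request inside 24 hours
var_dump($store->redeem('twomt', $token, $t0 + 120));  // first use of the link
var_dump($store->redeem('twomt', $token, $t0 + 130));  // replay of the same link
```

In a deployment the array becomes a database table, and the existing password stays valid until the link is redeemed, so a third party requesting a reset cannot lock the account owner out.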
