[Question]

i was wondering when someone forgets their password how do you recover it? ( considering all passwords are coded in md5 salt/hash )

is their a way to do it or do you need to have your register page on your website where it runs the query to the db but at the same time has a table set up where a non md5 salt/hash version could be saved?

Personally, I would just send out a new password. Its the easiest and fastest way.

yeah as i thought i was thinking about a setting up a page where the person that lost their password could just fill in their username security info (if any) and the registered email then like a submit button then it would run a query n submit the info into a table that could be checked then id check it against the registration info n get the pass from the db n email off the required details.

either that or have the data match up against itself and if it was alll correct it would just display the pass at the bottom of the page or link to a new page and display it.

but i guess ill just do that but instead of giving back original pass just reset it and send off the new pass.

thats why we have register page working with email .so we would ask for thier email that they use to register .

resetting password is best, mostly for security.
If anyone gets your account database there's crap all anyone can do with that, where as if you stored actual passwords as strings they would have all the login's and password's of all your players.

Quote:

Originally Posted by funhacker resetting password is best, mostly for security. If anyone gets your account database there's crap all anyone can do with that, where as if you stored actual passwords as strings they would have all the login's and password's of all your players.

Exactly my reasoning behind sending out a new password.