[nycphp-talk] online password replacement
David Mintz
dmintz at davidmintz.org
Fri Mar 5 15:43:46 EST 2004
I recently set up such a thing in the manner Dan Cech just described. I
used the PEAR Auth package (speaking of PEAR again (-:) and the passwords
are stored as md5 hashes, indecipherable even to the admin, so it wasn't
optional, I had to use the technique of resetting and emailing them their
new password. I stole this password generator from someplace, it seems
Good Enough for these purposes, but if someone has a better one I'll steal
that too.
function create_passwd() {
$i=0;$pwd='';
while ($i<9){
srand((double)microtime()*1000000);
$num=rand(0,255);
$txt=chr($num);
if (eregi("^[a-z0-9]$", $txt)) {
$pwd=$pwd . $txt;
$i++;
}
}
return $pwd;
}
On Fri, 5 Mar 2004, Allen Shaw wrote:
> Hi All,
>
> I wonder if anyone here has experience implementing a lost-password-recovery
> function on a login-based website. [snip]
---
David Mintz
http://davidmintz.org/
"Anybody else got a problem with Webistics?" -- Sopranos 24:17
More information about the talk
mailing list