M9 1a8 8 0 1 0 0 16A8 8 0 0 0 9 1zm. Join Stack Overflow to learn, share knowledge, and build ufocool bitcoin career. M9 1a8 8 0 1 0 0 16A8 8 0 0 0 9 1zM8 15.

Create-a-Secure-Login-Script-in-PHP-and-MySQL What I need now is some kind of password reset function in case of forgotten password. There are just a few users and I try to make it as easy as possible. Are there any strong security weaknesses doing it like this or is it a common way? Update: The passwords are hashed and salted. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Also, you need to make Absolutely sure that you only send email to their address which was already registered with you.

You cannot allow them to enter any email address and a username to get the password. User clicks on “Password Reset” Link. Email is dispatched to the address user registered with. Email contains a unique link that expires in 1 hour. User clicks link and is taken to page with password field. User enters new password, password is hashed and saved.

Just FYI, you should never transmit passwords or their hashes in any way. Passwords should never be saved in raw form or as unsalted hashes. What do you think abouth sending e. That isn’t as safe as it should be. Use a randomly generated string of characters, not any real credentials. Store the random string in a database and use it to look up which user to reset the password for.