Has someone the code to send users their password when they have forgotten it ?
The same as what this forum, here, provides.
Thank you
The same as what this forum, here, provides.
Thank you
Feb 13, 1999, 11:12 PM
Veteran / Moderator (8669 posts)
Feb 13, 1999, 11:12 PM
Post #2 of 5
Views: 2478
I wrote a modification, which you can pick up at
http://www.drizzle.com/~hall/dbmod/lookup.txt
Be warned! This requires that you remove the encryption from your password file, leaving it easily readable by anyone who would have access to the file. Be sure your cgi-bin is secure before you use it.
------------------
JPD
http://www.drizzle.com/~hall/dbmod/lookup.txt
Be warned! This requires that you remove the encryption from your password file, leaving it easily readable by anyone who would have access to the file. Be sure your cgi-bin is secure before you use it.
------------------
JPD
Feb 14, 1999, 8:37 AM
Veteran / Moderator (8669 posts)
Feb 14, 1999, 8:37 AM
Post #4 of 5
Views: 2468
First, you cannot remove encryption that's already there. I suppose I wasn't clear in what I said before. What I ought to have said is "it removes the fuction of encrypting a password when the user account is created."
Can you use an email address as a password? You probably could, but I don't think it would be a very good idea. Someone's email address is to easy for others to know. For example, if on this forum the email address was used as the password, anyone could post under my user name. All you have to do is look at my profile and you can get my email address and my user name is on every post.
The password needs to be something that is known only to the user and to those who the user decides to tell.
Which brings up another possible problem with saving unencrypted passwords. Many people like to use the same password every time they need one. If they go onto a site where the password is unencrypted and (as in DBMan) the admin has access to the password file, the admin will now know their password. Anyone using the "lookup" mod should pledge, at least to themselves, that they will never abuse this privilege.
------------------
JPD
Can you use an email address as a password? You probably could, but I don't think it would be a very good idea. Someone's email address is to easy for others to know. For example, if on this forum the email address was used as the password, anyone could post under my user name. All you have to do is look at my profile and you can get my email address and my user name is on every post.
The password needs to be something that is known only to the user and to those who the user decides to tell.
Which brings up another possible problem with saving unencrypted passwords. Many people like to use the same password every time they need one. If they go onto a site where the password is unencrypted and (as in DBMan) the admin has access to the password file, the admin will now know their password. Anyone using the "lookup" mod should pledge, at least to themselves, that they will never abuse this privilege.
------------------
JPD
Feb 14, 1999, 5:39 PM
Novice (21 posts)
Feb 14, 1999, 5:39 PM
Post #5 of 5
Views: 2488
To JPDenis,
Thank you for your code.
In fact, i have already a distinct database which holds username, password, and email addresses, so it is easier. I just need the code to use sendmail.
I tried it. It works.
Again, thank you !
Parsifal
Thank you for your code.
In fact, i have already a distinct database which holds username, password, and email addresses, so it is easier. I just need the code to use sendmail.
I tried it. It works.
Again, thank you !
Parsifal