Topic: Password recovery theory question

[j.smith1981]

I am having a problem thinking about making a recover password application in PHP.

How is the best way to maybe secure the password but retrieve its value or is this purely not possible?

How is the best way to authenticate a user like this through a login system?

I am not sure and I apologise if this isnt the right forum to ask this sort of question, please then move this to another section that you deem more appropriate (apologise for my lack of spelling if any).

Kind regards and I am interested to hear some responses (as I am a bit stuck with thinking about the possibilities  lol),
Jeremy.

[schilly]

here is what i normally do for password resets:

-user submits username
-generate a hash code and update their account record with the hash
-send that user an email with a reset password link that has their account and hash code in it
-click the link. it verifies the username with the hash code and lets them reset their password
-once the password is reset remove the hash code from their account so the link no longer works

you could set up a timestamp as well so the link is only good for 24hrs or whatever. this system should be pretty solid.

[meltingpoint]

Why not simply have them enter their email address- then email the user name and or password of that user who has THAT EMAIL.  In this- only the person with that email address will get their password.

This makes things much simpler.

Cheers

[thorpe]

Why not simply have them enter their email address- then email the user name and or password of that user who has THAT EMAIL.  In this- only the person with that email address will get their password.

This makes things much simpler.

Cheers

The entire point being passwords should be stored as hashes. You cannot therefore retrieve the password from the given hash, you need to generate a new password.

[meltingpoint]

...............or, in the case of flat file system, you could store the user names and passwords outside the public_html which would make hem in accessible to the public even if the directory was exposed somehow.

Admittedly though......hashing a password would be the best.  Just giving more than one option/possibility.

[j.smith1981]

Its given me some thought that, i would be worried about storing it as a file in the system though, as I would have to make that accessible to the http server sort of defeats the security point.

But I could make it inaccessible using htaccess couldnt I? But that would create a major work around and I would think that would be pointless.

I might have a look at phpBB's code on this and see how their passwords are stored and see if I can somehow replicate that in my own code, I know that can send a password reminder.

What I could do though is get it to regen the password I suppose, that would be an idea wouldnt it?

Make some kind of session that says if user has reset their password make them change it, if that doesnt exist then they cant use that link as it where to do that using like some kind of variable in a GET command that would work dont you think?

Then when the php code has regenerated the password display it in an email and down the code set the same variable and hash it and store it in the db, this would be a better idea wouldnt it?

I hope this makes sense,
Jeremy.

PS Sorry I wasnt thinking about this logically last night lol.

[schilly]

i would stay away from a flat file username/password system. if your user base grows, trying to authenticate will get really slow.

either way, don't store your password as plain text. generate them a new password which they can change or give them a link to reset their password.

[j.smith1981]

I know its been ages since I replied to this, but been going through some other solutions at work and I think this would be possible.

Have a list of users, maybe making another table linked to the users with a table name of user_security or something.

Having a secret question and answer, if the one entered by the user matches whats in the database.

Create a hash in just a column of that, if a value exists in that column for that user, or better still make another table with reset_hash name, if a value exists for that user id, and its the same one generated and sent to the user.

Allow user to reset their password, if a hash doesnt exist, then dont allow them to.

Using the $_GET method on the processing page, from the users email.

This should work shouldnt it?

God I am getting so logical with this sort of stuff, would be able to create a botched job of this, like a rather ugly looking one, would someone be willing to examine and help me improve this, like in the sense of it being object orientated? Would be quite interesting to see your results, would this be better in the coding help part though?

I sometimes outdo myself in theory of applications now (sometimes I get stuck though), but I love the way PHP is making sense now, I truely appreciate all the help you people have given me!

Cheers and thanks for reading (oh I look forward to someones reply aswell),
Jeremy.