in the following cool hack...
I'd like to contribute my "Forgot Password" script to the community.
I had previously written one that e-mails the password to the e-mail address you
provided when you registered, but that would only work when using Plain-Text passwords
which I don't recommend.
This one can't unencrypt the stored password, but what it does is reset it to a random
value and then e-mails the new password to the e-mail address provided during registration.
The program prompts the user to provide his username and his e-mail address. We do this
to make sure no one changes anyone else's password (even though they still would not be
able to gain access, they could cause trouble just randomly selecting usernames and
resetting them) So we check the username against the e-mail address for authentication
and if it passes it resets the password.
The return is always the same. A standard thank you screen. If you provided accurate info
you will receive the new password in your e-mail, if not not. This could be developed
further, but I didn't want to give them more feedback for security reasons.
You may need to tweak the code where it searches the database, since my database structure
may be different than yours (i.e. the field number which is the username, password, and e-mail).
This script can be used with any of the extropia authentication programs. I am currently
using it with web_authenticate and with the bbs.
One thing to be careful for is to make sure the lock file is the same name you use in your
main program so that the reset password program is not writing to the database at the same
time web_authenticate or the bbs is.
Download the script here!