Forget your password? page

groupmatch · October 10th, 2004, 11:30 AM

Hello,

I wonder if anybody has implemented "Forget your password?" page for thePhile?
I need to know how to write it.
Thanks,
Marenela

englere · October 10th, 2004, 10:20 PM

You mean "Forgot your Password?" - people should click here if they can't remember their password, right?

Your best choice is to make it like Contact.aspx (I assume you made this page - it's pretty simple). You need to get their email address, and you can reset their password to a known value (like "temppassword") and email it to them. Make sure you email it to the address that is recorded in Accounts_Users so you send it to the right person.

Eric

groupmatch · October 11th, 2004, 02:08 AM

Hello Eric,

I need to make it like any other "Forget Your Password" page. You write your own e-mail address and you will get your password send to that e-mail. But the problem is that I don't know how to convert the stored binary password to string (so I can put it in the e-mail message)?
Thanks Eric,
Marenela

englere · October 11th, 2004, 05:55 PM

You can't do that! It's not possible to find the original password, and that's why I said you have to change the person's password.

It uses a 1-way hash. It's not encrypted, so it can't be decrypted. The formula is similar to that uses by CRC codes (Cyclic Redundancy Check codes).

Eric

groupmatch · October 11th, 2004, 09:10 PM

hello Eric,

1- So that means when we convert the string passowrd (when the use enter it in the password textbox) and convert it to byte[] and store it at binary in the database we will not be able to reverse the process (get the binary then put it in byte[] and convert it to string) ?? because if we can do that they we can get the password and then send it to the user e-mail

2- There are many other websites offer the feature of sending the password to the e-mail. How they do it?
Thanks
Marenela

englere · October 12th, 2004, 09:55 PM

It's intentional that we don't save the password in a way that we could decrypt. That wouldn't be good if webmasters could see your private password, would it?

Most of us use the same password at more than 1 site.

Obviously a lot of websites save it in clear text. Doesn't that seem scary to you? How do you feel when they email you a very sensitive password that might also be used at a very important site? Did you ever consider that someone else might be able to see it, too?

I've quit doing business with companies who email my password out. That's a terrible idea!

Eric

groupmatch · October 13th, 2004, 06:04 AM

I see and I got your point :-). So the only solution for this is to generate a new Password in the business component and insert it into the database and then e-mail it to the user?
Thanks,
Marenela

englere · October 13th, 2004, 05:51 PM