I'm using this great login software located here
It uses md5 encryption which the author says precludes the possibility of password retrieval (because md5 is "one way"). From the site:
The id_user field will contain the unique id of the user, and is also the primary key of the table. Notice that we allow 32 characters for the password field. We do this because, as an added security measure, we will store the password in the database encrypted using MD5. Please note that because MD5 is an one-way encryption method, we won't be able to recover the password in case the user forgets it.
Is there any way to use a two-way encryption like this
so that I can make a "forgot password" link?
In the fg_membersite.php file, why can't I simply change the md5 encryption lines 258 and 583 to be
base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($_SESSION['pw_key']), $string, MCRYPT_MODE_CBC, md5(md5($_SESSION['pw_key']))));
with something like $_SESSION['pw_key']="rando
y"; up at the top of the page and the $string variable in the encryption ($password) in line 258 and $this->$formvars['password'] in line 583
so that I could make the forgot password page decrypt with the stackoverflow decrypt key and send it to the user's email or something.
Whenever I try to make these changes, I get the username/password do not match error. I guess I am missing something quite fundamental!
Thanks for any insight you can offer!!
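
Added example, not part of the original post or of the login script it mentions: a "forgot password" link can be built without recovering the stored password at all, by e-mailing a single-use, expiring reset token and keeping only its hash. The function names, the in-memory arrays standing in for database tables, and the one-hour lifetime are assumptions made for illustration.

```php
<?php
// Constructed in-memory stand-ins for the users and reset tables (hypothetical schema).
$users  = ['alice@example.com' => ['pw_hash' => password_hash('old-password', PASSWORD_DEFAULT)]];
$resets = [];

// Step 1: the user asks for a reset. Only a SHA-256 hash of the token is stored,
// so a leaked reset table does not contain usable reset links.
function issue_reset_token(array &$resets, array $users, string $email, int $now): ?string
{
    if (!isset($users[$email])) {
        return null;                      // caller shows the same message either way
    }
    $token = bin2hex(random_bytes(32));   // 64 hex characters from the CSPRNG
    $resets[$email] = [
        'token_hash' => hash('sha256', $token),
        'expires'    => $now + 3600,      // one-hour lifetime (assumed policy)
    ];
    return $token;                        // e-mailed to the user inside the reset link
}

// Step 2: the user follows the link and submits a new password.
function redeem_reset_token(array &$resets, array &$users, string $email,
                            string $token, string $newPassword, int $now): bool
{
    $row = $resets[$email] ?? null;
    if ($row === null || $now > $row['expires']) {
        unset($resets[$email]);           // drop expired entries
        return false;
    }
    // Constant-time comparison of the stored hash with the hash of the presented token.
    if (!hash_equals($row['token_hash'], hash('sha256', $token))) {
        return false;
    }
    // The old password is never read back; it is simply replaced by a salted hash of the new one.
    $users[$email]['pw_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    unset($resets[$email]);               // single use
    return true;
}

$now   = time();
$token = issue_reset_token($resets, $users, 'alice@example.com', $now);
var_dump(redeem_reset_token($resets, $users, 'alice@example.com', 'wrong-token', 'x', $now));
var_dump(redeem_reset_token($resets, $users, 'alice@example.com', $token, 'new-password', $now));
var_dump(redeem_reset_token($resets, $users, 'alice@example.com', $token, 'again', $now));
var_dump(password_verify('new-password', $users['alice@example.com']['pw_hash']));
```

The output of `password_hash` is longer than 32 characters, so the 32-character password field described in the quoted passage would have to be widened to store it.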