When Client forgot their password

**rashuweb** · 14 Jul 2009, 12:19 PM

When Client forgot there password

they request should send or receive same old password

which they created at the time of registration what is the process like encrypt /decrypt or any other method…thankX

**kuroi** · 14 Jul 2009, 12:43 PM

What you suggest would be insecure. The password that they set up will be one that they like and so would probably keep. But sending it through email exposes it to anybody watching, not just for your site, but for every other one where they use it.

It's better to send a random password and encourage them to change it to what they want in a secure environment (i.e. under the protection of SSL).

However, this is largely irrelevant, since the form of encryption used by Zen Cart is MD5 + salt, so it's one way and virtually unbreakable. Once a customer has entered their password, there is no practical way to find out what it was.

**rashuweb** · 15 Jul 2009, 06:21 AM

thanks kuroi!

**rashuweb** · 15 Jul 2009, 06:30 AM

phpMyAdmin...

**rashuweb** · 22 Jul 2009, 12:31 PM

Once again!

still i would like to know the process to send the same pwd.

**kuroi** · 22 Jul 2009, 12:33 PM

Re-read the last paragraph of my earlier reply.

Thread: When Client forgot their password

Thread Tools

Search Thread

Display

When Client forgot their password

Re: When Client forgot their password

Re: When Client forgot their password

Re: When Client forgot their password

Re: When Client forgot their password

Re: When Client forgot their password

Similar Threads

Customer used Forgot Password but password sent won't work

No password in forgot password email

[DONE] Forgot password when Must be Authorized to Browse enabled

Log in box show when account/forgot password pages are showing

Posting Permissions