enigma1 - 2:56 pm on Nov 23, 2008 (gmt 0)

base64_encode does not provide one way encryption something you do need for passwords. You should create a new password for the password-forgotten cases apply a one-way encryption scheme and store the key only in the database, then send the password via email to the original owner from the accounts table.

People won't like it if they know their passwords can be decrypted. Even the md5 is not sufficient by itself, without using some other salt sub-key preferably custom to your site.