Welcome to WebmasterWorld Guest from 220.127.116.11
I have a membeship site that automatically issued users with MD5 encrypted passwords. Users can request a new password but they can't set their own.
Any ideas on the best way to let a user enter a plain text password into a form and have ir stored in MySQL with MD5 enctiption?
[expanded the idea]
Just make sure that the person changing the password is actually the user who owns the account!
Can be done in 2 ways in my opinion:
1. User also enters old password for verification.
2. User also enters some verification-code he got sent via email.
note that point 2 you can also accomplish by using the ability to give them a auto-generated password (wich you allready have). Users can then use point 1 using that generated password to effectively get point 2 :).
get the idea?