PHP password recovery

I realize that for security that passwords should not be stored in a DB as plaintext. If I hash them, I can validate them for login purposes.

But if I want to set up a password recovery system, what's the best strategy since there is no undoing of the hashing?

Could som开发者_JAVA技巧eone give me a brief overview of a good and secure strategy for storing and recovering passwords?

You can not recover password that were hashed, neither should you.

What you should do instead is:

1. Put some verification on the password reset request, like CAPTCHA.
2. Create an one-time random code and send a link with it to user's email.
3. Have this code expire in, say, an hour.
4. Have this code expire immediately once used.
5. On the link with the code, if it validates, allow him to change his password.
6. Notify him that the password was changed, but do not send it in the email.

You don't 'recover' passwords. What you do is one of 2 things.

1. Email the user a link to create a new password, overriding the current one
2. Email the user a randomly generated password, then ask them to change it

My process is as follows.

1. User initiates a forgotten password request

The user clicks a forgotten password link and then redirected to a reset password form where they are asked to enter their registered email address.

2. Email address verified and token generated

After the user has entered their email address, the system verifies that it exists in the database. If the email address is valid then a token is generated and stored in the database with the users credentials.

3. Send recovery email

An email is sent to the registered email address containing a link to a reset form, the link includes 2 GET parameters including the token and the users unique ID stored in the database.

4. Reset password

After the user clicks the link they are taken to the reset form. The system retrieves the 2 GET parameters from the URL and verifies they exist in the database. If the token is verified to exist in the database with the user then the user may be shown the reset password form fields to enter a new password.

Security

I suggest using BCrypt (available since PHP 5.3) to hash the passwords and for additional security, perhaps use some sort of expiration for the token so it can't be used after a period of time.

You can create a new (and randomly generated) password for user, and md5 it , and then send user via email.