sent
in the following cool hack...
I'd like to contribute my "Forgot Password" script to the community.
I had previously written one that e-mails the password to the e-mail address you
provided when you registered, but that would only work when using plain-text passwords,
which I don't recommend.
This one can't unencrypt the stored password, but what it does is reset it to a random
value and then e-mail the new password to the e-mail address provided during registration.
The program prompts the user to provide his username and his e-mail address. We do this
to make sure no one changes anyone else's password (even though they still would not be
able to gain access, they could cause trouble just randomly selecting usernames and
resetting them). So we check the username against the e-mail address for authentication,
and if it passes, it resets the password.
The return is always the same: a standard thank-you screen. If you provided accurate info,
you will receive the new password in your e-mail; if not, not. This could be developed
further, but I didn't want to give them more feedback for security reasons.
You may need to tweak the code where it searches the database, since my database structure
may be different than yours (i.e. the field number which is the username, password, and e-mail).
This script can be used with any of the eXtropia authentication programs. I am currently
using it with web_authenticate and with the bbs.
One thing to be careful of is to make sure the lock file is the same name you use in your
main program so that the reset password program is not writing to the database at the same
time web_authenticate or the bbs is.
Download the script here!
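
The flow described in the post above, as an added Python sketch that is not the contributor's script or eXtropia code: it checks the username against the e-mail address on file, resets the password to a random value while holding the shared lock file, and returns the same response either way. The pipe-delimited layout, field positions, PBKDF2 hashing, `fcntl.flock` locking and the `send_mail` callback are all assumptions made for illustration.

```python
import fcntl, hashlib, hmac, os, secrets, tempfile

# Assumed layout (not from the original script): one user per line,
# username|password_hash|email. Adjust the field numbers to your database.
USER_F, PASS_F, MAIL_F = 0, 1, 2
RESPONSE = "Thank you. If the details matched, a new password has been e-mailed."

def hash_password(password):
    """Salted PBKDF2 hash; a stand-in for whatever format the main program stores."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return f"{salt.hex()}${digest.hex()}"

def reset_password(db_path, lock_path, username, email, send_mail):
    """Reset only when username and e-mail match one record; reply identically either way."""
    new_password = mail_to = None
    # Hold the same lock file as the main program (assumed here to use flock)
    # so the two never write the database at the same time.
    with open(lock_path, "a") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)
        with open(db_path, encoding="utf-8") as fh:
            rows = [line.rstrip("\n").split("|") for line in fh if line.strip()]
        for row in rows:
            if len(row) < 3:
                continue  # leave malformed records untouched
            user_ok = hmac.compare_digest(row[USER_F].encode(), username.encode())
            mail_ok = hmac.compare_digest(row[MAIL_F].strip().lower().encode(),
                                          email.strip().lower().encode())
            if user_ok and mail_ok:
                new_password = secrets.token_urlsafe(12)  # CSPRNG-generated value
                row[PASS_F] = hash_password(new_password)
                mail_to = row[MAIL_F]  # address on file, never the submitted one
        if new_password is not None:
            # Write a temp file, then rename, so readers never see a partial database.
            fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(db_path)))
            with os.fdopen(fd, "w", encoding="utf-8") as out:
                out.writelines("|".join(r) + "\n" for r in rows)
            os.replace(tmp, db_path)
        # Leaving the with-block closes the lock file, which releases the lock.
    if new_password is not None:
        send_mail(mail_to, new_password)
    return RESPONSE  # same screen whether or not anything matched
```

The response body is identical for matching and non-matching requests, but the matching path does extra work (hashing, rewriting the file, sending mail), so response time can still differ unless that work is queued.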