Password reminder for users

  • Resolved gautier_girard

    (@gautier_girard)


    15 years, 10 months ago

    Hello,

    I’d like to send by email a password reminder to users of my blog. I searched for a while but didn’t find a plugin or a mod that could do that possible.

    How can I unencrypt passwords stored in my database so that I could send them by email to each user ?

    I looked in user.php, pluggable.php but don’t understand how to do this (no problem with writing the rest of the code).

    Your help would be much appreciated because after hours of time I’m really stuck with the password system.

    Thanks a lot,

Viewing 5 replies - 1 through 5 (of 5 total)
  • whooami

    (@whooami)

    15 years, 10 months ago

    1+1!=2 in this case

    why do you need to unencrypt them to send a reminder? md5 hashing is one way (ideally) which means you dont. and frankly, I shudder to think of a site operator trying to do such a thing, given the propensity for ppl to re-use passwords.

    Thread Starter gautier_girard

    (@gautier_girard)

    15 years, 10 months ago

    Hello,

    I don’t understand how to use md5 to do that ?

    I wonder if my message was very clear (English is not my native language :-). Basically, what I want to do is (sometimes) send a password reminder to users containing their password.

    So if one’s password is “123”, the script would take its encrypted password (field user_pass in the DB wp_users’ table), unencrypt it so that the user actually recieves “reminder : your password is 123 .”

    Thanks for your help.

    whooami

    (@whooami)

    15 years, 10 months ago

    I don’t understand how to use md5 to do that ?

    you dont — thats what I am saying.

    Its one way.

    whooami

    (@whooami)

    15 years, 10 months ago

    WordPress handles passwords the way they should be done. By changing the password when someone forgets it, and ask for another. Password reminders, (like you just described) inheritantly suggest that they are not stored securely, since IF an application can unencrypt them, so can anyone else.

    A password reminder should be something like “your favorite color”, ie something NOT related to the actual content of the password.

    Your idea is a bad one.

    Thread Starter gautier_girard

    (@gautier_girard)

    15 years, 10 months ago

    Understood, thanks for your kind replies.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Password reminder for users’ is closed to new replies.