Hi there,

Is there a way to set things up so that if a user loses his password it can be emailed to him WITHOUT resetting the password? IE it would send him his current password so he wouldn't have to choose a new one.

Short answer: no.

The long answer ends up the same, it just takes longer to realize the outcome.

Awesome post there Adrian (that wasn't sarcasm either!) :)

To explain why:
When you create your password, it is hashed using a MD5 hash along with a salt (I won't go into details about what they are). A hashing process cannot be reversed, meaning that you cannot reverse the hash to get the original password. Each time you login it will automatically hash your password and match the hash with the hash in the database. If it is matching, that's when you login.


Hope that explained why.