There isn't anything terribly complicated about it...
jonelo piad wrote:If you knew how please post how and an example
You may have already figured out that this kind of request doesn't get you exactly what you want here. ShowSomeEffort (←click) first: think through the problem and come up with an initial solution of your own. You can find many examples on the internet so do a SearchFirst (←click). Come back with more specific questions if you still have doubts.
You need to be specific about what you want to insert/change/whatever, otherwise you are liable to be given a misleading answer. Remember, “GIGO”.
Campbell Ritchie wrote: As Fred implied earlier, there is usually a password() SQL function which hashes the password. You would usually have a password column in the users table, which you would fill with a default value, e.g.That should be a big enough hint about what to change..
Frequently, the use of the SQL password() function is insecure since it usually does not use a random seed. This makes it is easy to spot two users that have the same password and for dictionary attacks. I can't speak for all databases but this certainly applies to MySQL and Oracle.
jonelo piad wrote:it's in a database
I most certainly hope it isn't - at least not in unencryptyed form.
Passwords, as both fred and Richard have tried to tell you, are usually stored as one-way encryptions, which is why many sites/applications will NOT send you your current password if you forget it. They will send you a new password, and force you to change it as soon as you log in.
I suggest you do the same.
Winston Gutkowski wrote:They will send you a new password, and force you to change it as soon as you log in.
Some sites don't force the user to change the temporary password after a password reset request. We send a time-sensitive, one-time use token that allows the user to change their password. The token is not usable as a password though. I think more sites are using this approach now.