DeveloperBarn

okily dokily

i'll wait patiently

Well, how else are you gonna wait?

@RF - no hijacking...this isn't ASP Free

__________________
jmurrayhead
If you agree with me... click the icon!
If my post solved your problem, click the button in the lower right-hand corner of the post.

If you like it here...throw us a few bones to help support us.

Join our Folding team: DeveloperBarn Folding

Sorry Won't do it again.

__________________
“There are two theories to argueing with women. Neither of them work! ” - Unknown

He's gonna stop off for a few beers on the way.

Here ya go, micky: Salted Password Hash - Code Samples

Thanx J
works like a charm

J, can i do some changes in this code so that the salt created have only alphabets and numbers??

The following line is what does it:

But why on earth would you want to do that? No one ever sees the salt, it is randomly generated to ensure more security.

dont ask, its a dreadful story, u'll weep

actually, i need to send user password if he forgets it and i have set password field to take only alpha numeric characters.

so i m sending the salt to them!!
am i doing something wrong??

yes, it's dreadfully wrong micky lol. For one, sending passwords in emails is a very bad thing. You should setup a question/answer form where the user has to enter or select an existing question and provide the answer to it in order to reset their password. To do this, you would convert to lower case and hash their answer. Then, when they submit the form to reset their password, convert their answer to lower case and then hash it to compare against the hashed answer in the database.

Emails can be intercepted and read by malicious users. It's a very bad thing and the password salt/hash was not designed to do this. For one, hashes are one-way.