New member and forgotten password working
This was a bit difficult. So many bugs and so many mistakes made, especially in the forgotten password programs.
Anyway, it's done and now, the new member system appears to work really well. And if the member has forgotten their password, they can now change it.
I did this with only partial help from Claude AI. I had a real problem with my local system not sending emails. Then I had a lot of confusion on how to send an email, as I was trying to get my website to send mail and it wouldn't. So I asked the AI system how to do it and it responded with a very simple email system.
It turns out that the system I use to run my website locally (XAMPP) does not do email. Anyway, it's all working now.
To become a new member, a code is sent to the new member's email, and if the code matches, then I know that they are real and not some robot trying to clog my system with fake people. Of course, I use a password encryption system that is really interesting.
It's called the SHA-512 system. It was created by the NSA. The way it works is this. When you create a password, I put your password through the SHA-512 encryption system and it comes out with a long unintelligible string. Then I save that string in your member file. When you log back in, I use the SHA-512 system again, and if you type a password and it comes out with the very same unintelligible string that matches the string I have saved in your member file, then it's you and I can log you in.
What that means is that there's no way I can take that string and figure out what your password is. There's no way I would be foolish enough to save your password. So if you forget it, then you need to recreate a new encrypted password string. This way nobody knows your password, not even the people who have that encrypted string in the members database row.
Now, if, for some reason, a hacker found a way to download the database, they would be faced with a string that would be almost impossible to decode with current high speed computers.
Of course, brute force would work by taking that string and using SHA-512 and running a program that tests every conceivable code until one matches the string. Of course, that takes a really long time. If you have a powerful password, then it would take thousands of years. Enough said.
Pierre
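The store-and-compare scheme described above, as an added example that is not code from the original post or the site. SHA-512 is a one-way hash, so the same password always gives the same stored string; the salted, iterated variant (PBKDF2-HMAC-SHA512) is shown beside it for comparison, and all function names, the iteration count and the sample password are assumptions of this example.

```python
import hashlib
import hmac
import os

ITERATIONS = 210_000  # assumed work factor for this example, not from the post


def sha512_hex(password):
    """Scheme described in the post: one SHA-512 pass, stored as a hex string."""
    return hashlib.sha512(password.encode("utf-8")).hexdigest()


def verify_sha512(password, stored_hex):
    # Constant-time comparison of the recomputed string with the stored one.
    return hmac.compare_digest(sha512_hex(password), stored_hex)


def make_record(password, salt=None):
    """Assumed hardened variant: random per-member salt plus iterated SHA-512."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_record(password, record):
    # Recompute with the member's own salt and iteration count, then compare.
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha512", password.encode("utf-8"), salt, record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    # Constructed sample: two members who happen to choose the same password.
    pw = "correct horse battery staple"
    alice, bob = sha512_hex(pw), sha512_hex(pw)
    print("plain SHA-512 rows identical:", alice == bob)
    rec_a, rec_b = make_record(pw), make_record(pw)
    print("salted rows identical:", rec_a["hash"] == rec_b["hash"])
    print("login ok:", verify_sha512(pw, alice), verify_record(pw, rec_a))
    print("wrong password:", verify_sha512("guess", alice), verify_record("guess", rec_a))
```

With the plain scheme, every member who picks the same password gets the same database string, and each guess costs a single hash; the salted record differs per member and costs `ITERATIONS` hashes per guess.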