So I have been learning quite a bit about PHP and Mysql, and I was wondering about something. Let’s say I was going to make a database storing just usernames and passwords (keeping the example simple). I know that it’s not safe to store passwords without encrypting them because someone might hack into the database.
So I use an MD5 hash or something even safer and store the passwords encrypted, then one of my users has forgotten their login information and they would like to retrieve it by email.
If I’m using a one-way encryption method like MD5 or a better one, how am I supposed to send the user their login information if their password is encrypted and no way to decrypt it?
I would guess that for this purpose (by which I mean the retrieving part) is there another way, or at least another place, where the passwords are stored just for this?
I would be glad if anyone could suggest a method for storing this information safely but in such a way that if one of my users forget their login there’s a way for me to email them back safely.
Or how is a problem like this dealt with nowadays?
And from what I have read MD5 hash was hacked already so a better encrypting hash or method would be nice too.
You aren’t. You should never send a user’s password to them.
If a user wants to reset their password then:
See the PHP manual, this is a FAQ.
See also, OWASP