Forgot password page, but passwords are hashed
I need to implement a Forgot Password page, but my passwords are salted & hashed. So I can't retrieve them conventionally. My idea was to do the following: When an user clicks the Forgot Password link, they naturally need to type in their email address (which is also their username). Their password gets reset to a hashed & salted password i made. Then, i send an email to them which contains a link to a new page where they can type in their new password. The link contains the new hashed & salted password (as a $_GET variable) which is just for authentication purposes. I just grab the $_GET