
How to handle lost encrypted password


thewitt
Tue 5th Jun '01, 9:51pm
I have been looking at phpShop as the base for both a shopping cart and a classifieds system (to be written using the core modules as a base).

One of the things it does well is handle lost encrypted passwords.

Here's the blurb from the phpShop.org website core docs:

Generates a new password for the given user email address. It works by generating a new password and a change key and placing that in the user record. An email is sent (using the eform tool!) with the change key and password and the URL to the change form. If the user that receives the email goes to the change form AND the key is accurate then the password is updated. Otherwise, nothing happens.

This is the way vBulletin needs to manage passwords!

-t
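The reset flow the quoted blurb describes, as an added Python sketch that is not phpShop or vBulletin code. It assumes an in-memory user table in place of the database and adds a key expiry the blurb does not mention; only hashes of the generated password and change key are written to the user record, so nothing about the pending reset is stored in the clear.

```python
import hashlib
import hmac
import secrets
import time

KEY_TTL = 3600  # seconds a change key stays valid (assumed, not stated in the thread)

# Constructed in-memory user table standing in for the database user record.
USERS = {"alice@example.com": {"salt": "s0", "pw_hash": None, "pending": None}}

def _hash(secret: str, salt: str) -> str:
    """Salted hash; neither the password nor the change key is stored in the clear."""
    return hashlib.sha256((salt + secret).encode()).hexdigest()

def request_reset(email: str):
    """Generate a new password and a change key for the address, store only their
    hashes in the user record, and return what the e-mail would carry."""
    user = USERS.get(email)
    if user is None:
        return None  # unknown address: nothing happens
    new_password = secrets.token_urlsafe(12)
    change_key = secrets.token_urlsafe(32)
    salt = secrets.token_hex(8)
    user["pending"] = {
        "salt": salt,
        "key_hash": _hash(change_key, salt),
        "pw_hash": _hash(new_password, salt),
        "expires": time.time() + KEY_TTL,
    }
    return new_password, change_key

def confirm_change(email: str, change_key: str) -> bool:
    """Change-form handler: the password is replaced only if a reset is pending,
    unexpired, and the presented key matches; otherwise the record is untouched."""
    user = USERS.get(email)
    pending = user["pending"] if user else None
    if pending is None or time.time() > pending["expires"]:
        return False
    if not hmac.compare_digest(_hash(change_key, pending["salt"]), pending["key_hash"]):
        return False  # wrong key: the old password stays valid, nothing changes
    user["salt"], user["pw_hash"] = pending["salt"], pending["pw_hash"]
    user["pending"] = None  # the key is single use
    return True

def verify_login(email: str, password: str) -> bool:
    user = USERS.get(email)
    if user is None or user["pw_hash"] is None:
        return False
    return hmac.compare_digest(_hash(password, user["salt"]), user["pw_hash"])
```

Until the change form is visited with the correct key, the previous credentials keep working, which is what makes an unsolicited reset e-mail harmless to the account holder.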

Myriad
Tue 5th Jun '01, 11:13pm
I honestly don't like this procedure. Why can't we just get along and use two password fields? One password field with the encrypted, the second password field with the real. I don't know the purpose of this, but oh well.

And I don't have encryption support on my compiled version of PHP.

thewitt
Tue 5th Jun '01, 11:23pm
Because unencrypted passwords in the database are poor design and poor security. Plain and simple.

-t