Originally posted at ViryaTechnologies.com.
The web is, undoubtedly, a wonderful resource; it allows us to quickly and easily find information on almost anything. When it comes to servers and websites, however, it can be incredibly dangerous if you (or worse, the author) do not know what you/they are doing.
I was browsing to see if there's a better way to reset a user's password from PHP than the method I usually use, and stumbled across this tutorial. Quite frankly, my chin hit the desk at the advice being offered.
In all fairness to the person who posted the tutorial, they have attempted to mitigate some of the serious security concerns, but despite that, it's still a security nightmare. What makes it worse is the comments below indicating that some users are blindly copying and pasting the PHP and following the steps without even a basic understanding of how it works.
In this post we'll be looking at what the tutorial suggests, and why it's a bad idea.