Better way save password in mysql which can be decrypted also using php

Question

I am currently using md5 function to encrypt my password and save to mysql db which can not be decrypted.

Now my user want that when they forgot password, they shou

Answer 1

• create dynamic salts ( 2, one 'permanent' to mix with the password before hashing / crypting, other one dynamic, changing every time user logs in );

  $dynamicSalt = '';
  for ($i = 0; $i < 8; $i++) 
  {    
      $dynamicSalt .= chr(rand(33, 126)); 
  }
  

• never save passwords in any manner that can help you 'decode' them later, it's not up to you to retrieve original password but to let users reset it

If you really need to save the original passwords, create a database account with WRITE permissions only and store it in some other database ( on another server ? ).

Answer 2

If you're running an internal private site with no security issues, just store passwords with XOR 0xAD each byte. Otherwise, reset is the only option.