Description
In forgotpass.php (lines 32–44), the password recovery feature fetches the stored password from the database and emails it to the user:
<?php
// forgotpass.php: the value read from the database is the stored bcrypt hash, not the plaintext password
$pass = $rows['password'];
// ...yet it is mailed to the user as though it were their password
$body = "... Here is your password : $pass; ...";
Since passwords are stored as bcrypt hashes, the user receives an email containing a long hash string like $2y$10$abc...xyz — which is completely unusable for logging in.
Impact:
- The "Forgot Password" feature does not work at all — users cannot recover their accounts.
- The bcrypt hash is exposed via email, which is a security concern.
Suggested Fix: Implement a proper password reset flow using a temporary token and a reset link, instead of trying to send the stored password.
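As an added example of the token-based flow suggested above (this is illustrative code written for this report, not code from the project), the two halves of a reset look roughly like this. It assumes a PDO connection `$pdo`, a `users` table with `id`, `email` and `password` columns, a `password_resets` table with `user_id`, `token_hash` and `expires_at` columns, a `send_mail($to, $subject, $body)` helper, and a hypothetical `resetpass.php` page that receives the link; all of these names are assumptions, not part of the existing code base.

```php
<?php
// Added example, not project code. Assumed: PDO $pdo, tables `users` (id, email, password)
// and `password_resets` (user_id, token_hash, expires_at), a send_mail() helper,
// and a hypothetical resetpass.php that handles the link.

const RESET_TOKEN_TTL = 1800; // token lifetime in seconds (30 minutes)

// Step 1: called from the forgot-password form with the submitted e-mail address.
function request_password_reset(PDO $pdo, string $email, string $baseUrl): void
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // Respond identically whether or not the address exists, so the form does not
    // reveal registered accounts; only do work when there is a matching user.
    if ($user === false) {
        return;
    }

    // 32 random bytes -> 64 hex characters. Only the raw token goes into the link;
    // the database stores a SHA-256 of it, so a leaked table yields no usable links.
    $token     = bin2hex(random_bytes(32));
    $tokenHash = hash('sha256', $token);
    $expiresAt = date('Y-m-d H:i:s', time() + RESET_TOKEN_TTL);

    // Keep a single outstanding token per user.
    $pdo->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$user['id']]);
    $pdo->prepare('INSERT INTO password_resets (user_id, token_hash, expires_at) VALUES (?, ?, ?)')
        ->execute([$user['id'], $tokenHash, $expiresAt]);

    $link = $baseUrl . '/resetpass.php?token=' . $token;
    send_mail($email, 'Password reset',
        "Use this link within 30 minutes to choose a new password: $link");
}

// Step 2: called when the user opens the link and submits a new password.
// Returns true on success, false for an unknown or expired token.
function complete_password_reset(PDO $pdo, string $token, string $newPassword): bool
{
    $stmt = $pdo->prepare('SELECT user_id, expires_at FROM password_resets WHERE token_hash = ?');
    $stmt->execute([hash('sha256', $token)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false || strtotime($row['expires_at']) < time()) {
        return false;
    }

    // Store only a bcrypt hash of the new password, as the application already does.
    $hash = password_hash($newPassword, PASSWORD_BCRYPT);
    $pdo->prepare('UPDATE users SET password = ? WHERE id = ?')->execute([$hash, $row['user_id']]);

    // Tokens are single use: remove it once consumed.
    $pdo->prepare('DELETE FROM password_resets WHERE user_id = ?')->execute([$row['user_id']]);
    return true;
}
```

The important properties are that the e-mail carries a short-lived, single-use random token rather than any stored credential, that the database holds only a hash of that token, and that the stored bcrypt hash never leaves the server.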