RE: [PHP-DB] MySQLPHP decrypt(password)

Bastien Koert Fri, 25 Feb 2005 15:01:34 -0800

You can't. Its an MD5 hash, not an encryption...I reset the password to a random one, and email it to the user, also flag the account to force them to change the password upon login...

[code] function mail_password() { global $err_msg; //get the variables from the form if ((isset($_POST['email']))&&(isset($_POST['lg_name']))){ $email = $_POST['email']; $mid = $_POST['lg_name']; $date_cookie = $_COOKIE['last_time']; }else{ $err_msg = "<b>Please enter both your email address and your username. Thank you.</b>"; show_form(); die(); }//end if

//create the sql and run the query $sql = "SELECT * FROM users WHERE user_email='$email' and user_name = '$mid'";

        $result = connect($sql);

//check the query results if (mysql_num_rows($result)!=1){ $err_msg = "<font color=red>No results found. Please re-enter your username and email address to try again.</font>"; show_form();

        }else{

                $row = mysql_fetch_array($result);
                $email2 = $row['cust_email'];
                $pass   = $row['cust_pw'];

//call the change password function and pass it the information related to the record to create the temp password $new_pass = change_password($mid, $pass);

                $sendto         = $email2;
                $from           = "WebMaster <[EMAIL PROTECTED]>";
                $subject        = "Forgotten Password";
                $message        = "Dear $email2,

                Your password is $new_pass.

                Regards,
                Webmaster";
                echo $message;

                $headers = "MIME-Version: 1.0\n";
                $headers .= "Content-type: text/plain; charset=iso-8859-1\n";
                $headers .= "X-Priority: 3\n";
                $headers .= "X-MSMail-Priority: Normal\n";
                $headers .= "X-Mailer: php\n";
                $headers .= "From: \"".$from."\" <".$from.">\n";

                if (!mail($sendto, $subject, $message, $headers)){
                        echo "Mail failed to send";
                }else{
                        header("location:confirm1.htm");
                }//end if
        }//end if
}//end function

//--------------------------------------------------------------------------------------- // change password function //--------------------------------------------------------------------------------------- function change_password($id, $password) { //generate a random password $pass = ""; $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double)microtime()*1000000); $i = 0; while ($i <= 7) { $num = rand() % 33; $tmp = substr($salt, $num, 1); $pass = $pass . $tmp; $i++; } //change the password in the db $sql = "update cust_info set cust_pw ='".md5($pass)."', temp_pass = 1 where cust_lg = '$id' and cust_pw = '$password'"; $result = connect($sql); if ($result){ return $pass; }else{ change_password($id, $password); } }//end function [/code]


bastien

From: "moses Woldeselassie" <[EMAIL PROTECTED]>
To: php-db@lists.php.net
Subject: [PHP-DB] MySQLPHP decrypt(password)
Date: Fri, 25 Feb 2005 10:20:55 +0000
hi all
I am using password() to crypt a user password online. but how do i decrypt a user password, when user forgot his/her password?
kind regards
m
--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


--
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP-DB] MySQLPHP decrypt(password)

Reply via email to