...

View Full Version : email



LearningCoder
07-12-2012, 02:26 AM
Hello,

I wanted to know if there is any possible way to decrypt a password from a database. I have a simple login/username system and also a "forgotten password page". When trying to recover their lost password, the email that is sent to them is displaying the encrypted password rather than what they actually typed in when registering. I am using the md5() function to do this.

I've read that it cannot be decrypted so is there any other possible ways to send that original password back to the user?

Kind regards,

LC.

tempz
07-12-2012, 02:28 AM
Yes, they're simple if the password has been sent in MD5 just use a MD5 decrypt

But if the password is encrypted using these two: salt, md5 you cannot!

tangoforce
07-12-2012, 03:30 AM
Yes, they're simple if the password has been sent in MD5 just use a MD5 decrypt


MD5 decrypt? - Are you sure you're not confusing that with base64?

MD5 us a one way encryption algorithm. That was the whole point - it's not easy to decrypt it. Sure it can be done with rainbow tables, knowledge and some time to fiddle with it but its not something the average joe can do.

@LC: Forget it, just email out a password change link instead which takes them to your site and a change PW form.

LearningCoder
07-12-2012, 10:46 AM
MD5 decrypt? - Are you sure you're not confusing that with base64?

MD5 us a one way encryption algorithm. That was the whole point - it's not easy to decrypt it. Sure it can be done with rainbow tables, knowledge and some time to fiddle with it but its not something the average joe can do.

@LC: Forget it, just email out a password change link instead which takes them to your site and a change PW form.

Thank you very much, I thought about doing that but wondered if it could be done a different way. I'm going to work on this during the course of the day so will keep updating this thread.

Kind regards,

LC.

LearningCoder
07-13-2012, 01:26 AM
Do I need to pass a value through the URL of the link inside the email such as the users id?

for instance:


//the user enters the email address.
$email = $_POST['email'];

//connect db, query select * from tablename where email='{$email}'

//if row was matched

$row = mysql_fetch_array($query);

$id = intval($row['id']);

//write email....
$to = $email;
$body = "bla bla";
$body .= 'Visit this link: <a href="reset_pass.php?id='$id'">reset pass link</a>';

//send email, when user clicks the link redirect them to reset_pass.php asking them to enter a new password............

//action file for reset_pass.php form down below....

$get_id = intval($_GET['id']);
$newpass = $_POST['new_pass'];

//query using the id to select the correct user...insert new pass into password table field.....


Can you tell me if this is the way to do it or have I completely lost track? I'm confused right now.

Regards,

LC.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum