Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5

Thread: email

  1. #1
    Regular Coder LearningCoder's Avatar
    Join Date
    Jan 2011
    Location
    The Pleiades
    Posts
    924
    Thanks
    76
    Thanked 29 Times in 29 Posts

    email

    Hello,

    I wanted to know if there is any possible way to decrypt a password from a database. I have a simple login/username system and also a "forgotten password page". When trying to recover their lost password, the email that is sent to them is displaying the encrypted password rather than what they actually typed in when registering. I am using the md5() function to do this.

    I've read that it cannot be decrypted so is there any other possible ways to send that original password back to the user?

    Kind regards,

    LC.
    Last edited by LearningCoder; 07-12-2012 at 01:28 AM. Reason: typically something needed adding.

  • #2
    Regular Coder
    Join Date
    Jul 2012
    Location
    London
    Posts
    473
    Thanks
    4
    Thanked 86 Times in 86 Posts
    Yes, they're simple if the password has been sent in MD5 just use a MD5 decrypt

    But if the password is encrypted using these two: salt, md5 you cannot!

  • #3
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,344
    Thanks
    60
    Thanked 527 Times in 514 Posts
    Blog Entries
    4
    Quote Originally Posted by tempz View Post
    Yes, they're simple if the password has been sent in MD5 just use a MD5 decrypt
    MD5 decrypt? - Are you sure you're not confusing that with base64?

    MD5 us a one way encryption algorithm. That was the whole point - it's not easy to decrypt it. Sure it can be done with rainbow tables, knowledge and some time to fiddle with it but its not something the average joe can do.

    @LC: Forget it, just email out a password change link instead which takes them to your site and a change PW form.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #4
    Regular Coder LearningCoder's Avatar
    Join Date
    Jan 2011
    Location
    The Pleiades
    Posts
    924
    Thanks
    76
    Thanked 29 Times in 29 Posts
    Quote Originally Posted by tangoforce View Post
    MD5 decrypt? - Are you sure you're not confusing that with base64?

    MD5 us a one way encryption algorithm. That was the whole point - it's not easy to decrypt it. Sure it can be done with rainbow tables, knowledge and some time to fiddle with it but its not something the average joe can do.

    @LC: Forget it, just email out a password change link instead which takes them to your site and a change PW form.
    Thank you very much, I thought about doing that but wondered if it could be done a different way. I'm going to work on this during the course of the day so will keep updating this thread.

    Kind regards,

    LC.

  • #5
    Regular Coder LearningCoder's Avatar
    Join Date
    Jan 2011
    Location
    The Pleiades
    Posts
    924
    Thanks
    76
    Thanked 29 Times in 29 Posts
    Do I need to pass a value through the URL of the link inside the email such as the users id?

    for instance:
    PHP Code:
    //the user enters the email address.
    $email $_POST['email'];

    //connect db, query select * from tablename where email='{$email}'

    //if row was matched

    $row mysql_fetch_array($query);

    $id intval($row['id']);

    //write email....
    $to $email;
    $body "bla bla";
    $body .= 'Visit this link: <a href="reset_pass.php?id='$id'">reset pass link</a>';

    //send email, when user clicks the link redirect them to reset_pass.php asking them to enter a new password............

    //action file for reset_pass.php form down below....

    $get_id intval($_GET['id']);
    $newpass $_POST['new_pass'];

    //query using the id to select the correct user...insert new pass into password table field..... 
    Can you tell me if this is the way to do it or have I completely lost track? I'm confused right now.

    Regards,

    LC.
    Last edited by LearningCoder; 07-13-2012 at 12:28 AM.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •